Just before starting, sorry for my english... i'm french.
I'm developing (in C language) a wireshark dissector to dissect a
specific protocol to the company (it's owner of it) where I work but I
have a problems when messages are several TCP frames ... I can not
reassemble the messages when a message is broken into two different
frames TCP, I can not reform it in one message...
I read the readme.dissector and try using two methods:
First method:
tcp_dissect_pdus(tvb, pinfo, tree, dns_desegment, 2,
get_dns_pdu_len, dissect_dns_tcp_pdu, data);
return tvb_captured_length(tvb);
Second method :
guint offset = 0;
while(offset < tvb_reported_length(tvb)) {
gint available = tvb_reported_length_remaining(tvb, offset);
gint len = tvb_strnlen(tvb, offset, available);
if( -1 == len ) {
/* we ran out of data: ask for more */
pinfo->desegment_offset = offset;
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
return (offset + available);
}
col_set_str(pinfo->cinfo, COL_INFO, "C String");
len += 1; /* Add one for the '\0' */
if (tree) {
proto_tree_add_item(tree, hf_cstring, tvb, offset, len,
ENC_ASCII|ENC_NA);
}
offset += (guint)len;
}
/* if we get here, then the end of the tvb coincided with the end of a
string. Happy days. */
return tvb_captured_length(tvb);
But impossible to reassemble the message, I do not understand why ... can you help me please?
I hope you understand my problem ...: /
