Wireshark mailing list archives

Re: composite tvbuffs

From: "Scott Mueller" <smueller () osisoft com>
Date: Mon, 27 Sep 2010 13:43:09 -0700

Hi Stephen,

Section 2.7.2 is basically about doing the work that tcp_dissect_pdus
does, and that is certainly an option. Large messages composed in the
way I described with my protocol (which uses TCP) are a special case; I
didn't want to re-work everything for this. Composite tvbuffs sounded
like a good way to deal with this. If they don't work, I'll have to bite
the bullet and do the work.

Thanks again,

Best regards,

M. Scott Mueller

-----Original Message-----
From: wireshark-dev-bounces () wireshark org
[mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Stephen Fisher
Sent: Friday, September 24, 2010 10:17 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] composite tvbuffs

On Fri, Sep 24, 2010 at 05:33:25PM -0700, Scott Mueller wrote:

Thank you for your response. I'm working with a multi-layered protocol

that relies on TCP/IP, and in some cases the contiguous payload that I

need to work with is spread out across several well-formed messages.


Have you looked at the reassembly information in README.developer, 
specifically section 2.7.2, "Modifying the pinfo struct" ?  That may do 
the job for you, especially if the messages span multiple TCP segments.

The preceding section about using tcp_dissect_pdus could work too, but 
it's geared toward simple TCP reassembly.



________________________________________________________________________
___
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

composite tvbuffs Scott Mueller (Sep 24)
- Re: composite tvbuffs Stephen Fisher (Sep 24)
  - Re: composite tvbuffs Scott Mueller (Sep 24)
    - Re: composite tvbuffs Stephen Fisher (Sep 24)
    - Re: composite tvbuffs Scott Mueller (Sep 27)
    - Re: composite tvbuffs Scott Mueller (Sep 27)