Wireshark mailing list archives

SCTP De-chunking support


From: vineeth vijay <vineethvijaysv () gmail com>
Date: Thu, 10 Jan 2013 21:37:09 +0530

Hi All,

Has the de-chunking of SCTP within Wireshark been attempted yet? I noticed
some old conversations on the mailing list in this regard, but nothing concrete
has turned up yet. While trying to do this in tshark, I have tried calling
tshark's process_packet() function from the packet-sctp.c file in dissectors
but got nowhere due to linking issues. I feel the way to do this would be:

1) Create a global copy of the entire frame at the initial stage. (Is there any
other way to access the entire frame structure from packet-sctp, where
ultimately the decision whether to do de-chunking or not would be made?)
2) In case there are several chunks in the packet, allow the completion of
processing till the first chunk and create composite tvbs consisting of
eth+ip+sctp_header+remaining_individual_chunks.
3) Correct IP checksums and length in the composite tvb.
4) Process these tvbs individually. (Is this possible with the rule to
have a single capture file at a time? Can a capture file structure be
modified on the fly?)

Is the above process doable without breaking the Wireshark/tshark processing
structure? Can anybody suggest a better solution?

Vineeth
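
The rebuild described in steps 2 and 3 above, as an added example that is not part of the original post and is not Wireshark code: it copies the Ethernet, IPv4 and SCTP common headers plus one selected chunk into a new buffer and corrects the IPv4 total length and header checksum. The names dechunk, ip_checksum, put16 and sample_frame are hypothetical, the sample frame is constructed, and the code assumes untagged Ethernet II carrying unfragmented IPv4.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ETH_LEN 14   /* assumption: untagged Ethernet II */
#define SCTP_HDR 12  /* SCTP common header */

/* Constructed sample: Ethernet + IPv4 + SCTP bundling COOKIE ACK and DATA. */
const uint8_t sample_frame[70] = {
    0x02,0,0,0,0,2, 0x02,0,0,0,0,1, 0x08,0x00,               /* Ethernet   */
    0x45,0,0,56, 0,1,0,0, 64,132,0,0, 192,0,2,1, 192,0,2,2,  /* IPv4       */
    0x0b,0x59,0x0b,0x59, 0,0,0,1, 0,0,0,0,                   /* SCTP hdr   */
    11,0,0,4,                                                /* COOKIE ACK */
    0,3,0,17, 0,0,0,1, 0,0,0,0, 0,0,0,0, 0x41, 0,0,0         /* DATA + pad */
};

/* RFC 1071 checksum over an IPv4 header; 0 means a stored checksum verifies. */
uint16_t ip_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)h[i] << 8 | h[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Write headers + chunk number `want` (0-based) to `out` and fix the IPv4 length
 * and checksum. Returns the new frame length, or 0 on bad input or no such chunk. */
size_t dechunk(const uint8_t *f, size_t len, size_t want, uint8_t *out, size_t cap) {
    if (len < ETH_LEN + 20 || f[12] != 0x08 || f[13] != 0x00) return 0;
    const uint8_t *ip = f + ETH_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = (size_t)ip[2] << 8 | ip[3];
    if (ip[0] >> 4 != 4 || ihl < 20 || ip[9] != 132) return 0;  /* 132 = SCTP */
    size_t hdrs = ETH_LEN + ihl + SCTP_HDR, end = ETH_LEN + total;
    if (end > len || end < hdrs) return 0;            /* truncated capture */
    for (size_t off = hdrs, n = 0; off + 4 <= end; n++) {
        size_t clen = (size_t)f[off + 2] << 8 | f[off + 3], padded = (clen + 3) & ~(size_t)3;
        if (clen < 4 || off + clen > end) return 0;   /* bad chunk length */
        if (n != want) { off += padded; continue; }
        if (hdrs + padded > cap) return 0;
        memcpy(out, f, hdrs);
        memset(out + hdrs, 0, padded);                /* zero the chunk padding */
        memcpy(out + hdrs, f + off, clen);
        put16(out + ETH_LEN + 2, ihl + SCTP_HDR + padded);  /* IPv4 total length */
        put16(out + ETH_LEN + 10, 0);                 /* clear old checksum */
        put16(out + ETH_LEN + 10, ip_checksum(out + ETH_LEN, ihl));
        return hdrs + padded;
    }
    return 0;
}
```

The SCTP common-header checksum covers the whole SCTP packet, so it no longer matches after the rebuild and would need recomputing as well.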