Wireshark mailing list archives

Wireshark dissector development - Reassembly tcp frames


From: Guillaume Ribière <deokamiyi () gmail com>
Date: Tue, 4 Nov 2014 11:48:03 +0100

Just before starting, sorry for my English... I'm French.

I'm developing (in C) a Wireshark dissector to dissect a protocol specific
to the company where I work (it is the owner of it), but I have a problem
when messages span several TCP frames... I cannot reassemble the messages:
when a message is broken into two different TCP frames, I cannot re-form it
into one message...

I read the README.dissector and tried using two methods:

   - First method:

       /* 2 is the fixed-length header size that get_dns_pdu_len needs
          in order to work out the length of the whole PDU */
       tcp_dissect_pdus(tvb, pinfo, tree, dns_desegment, 2,
                        get_dns_pdu_len, dissect_dns_tcp_pdu, data);
       return tvb_captured_length(tvb);

   - Second method:

       guint offset = 0;
       while (offset < tvb_reported_length(tvb)) {
           gint available = tvb_reported_length_remaining(tvb, offset);
           gint len = tvb_strnlen(tvb, offset, available);

           if (-1 == len) {
               /* we ran out of data: ask for more */
               pinfo->desegment_offset = offset;
               pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
               return (offset + available);
           }

           col_set_str(pinfo->cinfo, COL_INFO, "C String");

           len += 1; /* Add one for the '\0' */

           if (tree) {
               proto_tree_add_item(tree, hf_cstring, tvb, offset, len,
                   ENC_ASCII|ENC_NA);
           }
           offset += (guint)len;
       }

       /* if we get here, then the end of the tvb coincided with the end of a
          string. Happy days. */
       return tvb_captured_length(tvb);


But it is impossible to reassemble the message, and I do not understand
why... Can you help me, please? I hope you understand my problem... :/