Wireshark mailing list archives

Re: Reassembling IPP info through USB

From: Anders Broman via Wireshark-dev <wireshark-dev () wireshark org>
Date: Thu, 9 Jul 2020 06:24:07 +0000



-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of Guy 
Harris
Sent: den 9 juli 2020 04:00
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Reassembling IPP info through USB

On Jul 8, 2020, at 6:06 PM, Jamie Hare <jamie.n.hare () gmail com> wrote:

I am attempting to create a dissector for IPP over USB and am running into 
some issues with the reassembly. I first thought that I could just use a 
reassembly table but with the way the dissectors are run multiple times is 
it necessary to create a PDU/tap combo like TCP or UDP?


Taps are not used for reassembly of PDUs that cover multiple TCP segments or 
multiple UDP datagrams, so taps are not necessary for reassembly of 
IPP-over-USB.

You *do* need to make sure that, in the first pass over the packets, the 
results of the reassembly are saved, just as happens with reassembly with 
other packets, so that, when packets are looked at, in a possibly random 
order, after the first pass, it can be determined where the packet in question 
resides within the reassembled IPP message.

pinfo->fd->visited can be used to track if it's the first pas or not. If you 
search for it in the code you can find how it is used with reassembly in 
many(all) cases.
Regards
Anders
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Attachment: smime.p7s
Description:

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Reassembling IPP info through USB Jamie Hare (Jul 08)
- Re: Reassembling IPP info through USB Guy Harris (Jul 08)
  - Re: Reassembling IPP info through USB Anders Broman via Wireshark-dev (Jul 08)