Wireshark mailing list archives

Two-level PDU reassembly


From: Jérôme Hamm <jerome.hamm () planete-sciences org>
Date: Fri, 04 Feb 2022 09:15:55 +0100

Hi,

I am working on ssh dissection. I am now trying to reassemble packets.
Actually there are two levels of fragmentation when you use sftp.
The first level is multiple tcp packets which contain data that must be decrypted (when you have the right crypto byte count, for example 32kiB). And then the decrypted data contains the sftp data (for example 32kiB worth of read file, which does not fit in the previously mentioned 32kiB because there are headers for sftp framing, leading to for example [not the real value] 32778 bytes), which need to be reassembled separately from the encrypted data.

How can I achieve this?

If I am not mistaken, the packet_info structure is not recreated in my subdissector, so when I change the pinfo->desegment_offset I am actually overwriting the value I previously set for tcp reassembly, and all hell breaks loose.

Cheers.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
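
A self-contained model of the two levels described in the message above, added here as an example; it is not code from the post or from Wireshark. Each level keeps its own buffer and cursor rather than sharing one offset. The 4-byte length framing at both levels, the XOR stand-in for decryption, the 256-byte buffers and all names are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define CAP 256u
#define KEY 0x5A  /* XOR stand-in for the negotiated cipher (assumption) */

/* One buffer per layer: SFTP progress never overwrites SSH progress. */
typedef struct { uint8_t buf[CAP]; size_t len; } layer_t;
typedef struct { layer_t ssh, sftp; uint8_t msg[CAP]; long msg_len; } session_t;

static int layer_push(layer_t *l, const uint8_t *d, size_t n) {
    if (n > CAP - l->len) return -1;             /* would overflow */
    memcpy(l->buf + l->len, d, n);
    l->len += n;
    return 0;
}

/* Pop one PDU framed as 4-byte big-endian length + body. Returns the body
 * length, -1 if more data is needed, -2 if the length can never fit. */
static long layer_pop(layer_t *l, uint8_t *out) {
    if (l->len < 4) return -1;
    uint32_t n = (uint32_t)l->buf[0] << 24 | (uint32_t)l->buf[1] << 16 |
                 (uint32_t)l->buf[2] << 8 | (uint32_t)l->buf[3];
    if (n > CAP - 4) return -2;
    if (l->len - 4 < n) return -1;
    memcpy(out, l->buf + 4, n);
    l->len -= 4 + n;
    memmove(l->buf, l->buf + 4 + n, l->len);
    return (long)n;
}

/* Feed one TCP segment: returns SFTP messages completed, -1 on bad input. */
int feed_segment(session_t *s, const uint8_t *seg, size_t n) {
    uint8_t pdu[CAP];
    long m, k = -1;
    int done = 0;
    if (layer_push(&s->ssh, seg, n) < 0) return -1;
    while ((m = layer_pop(&s->ssh, pdu)) >= 0) {         /* level 1: SSH */
        for (long i = 0; i < m; i++) pdu[i] ^= KEY;      /* "decrypt" */
        if (layer_push(&s->sftp, pdu, (size_t)m) < 0) return -1;  /* level 2 */
        while ((k = layer_pop(&s->sftp, s->msg)) >= 0) { s->msg_len = k; done++; }
        if (k == -2) return -1;
    }
    return m == -2 ? -1 : done;
}

/* Constructed input: SFTP message "ABCDEF" split across two encrypted packets. */
const uint8_t SAMPLE[18] = { 0,0,0,7, 0x5A,0x5A,0x5A,0x5C,0x1B,0x18,0x19,
                             0,0,0,3, 0x1E,0x1F,0x1C };
```

Feeding `SAMPLE` as segments of 5, 9 and 4 bytes completes the first encrypted packet on the second segment, but the SFTP message only on the third.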