It seems to me that you need to implement the equivalent of what tcp_dissect_pdus() does for TCP reassembly. You might have a look at that function in packet-tcp.c.

> -----Original Message-----
> From: [email protected] [mailto:wireshark-dev-
> [email protected]] On Behalf Of [email protected]
> Sent: Tuesday, April 07, 2009 5:28 PM
> To: [email protected]
> Subject: [Wireshark-dev] Reassembling packets
>
> Hello helpful people,
>
> I'm working on writing a dissector for my protocol. However, one of the
> message types within my protocol is a Multi-Part Message. The layout of
> the protocol is:
>
> first byte is packet type: 1 - heartbeat, 2 - data, 3 - multi part
> start, 4 - mp continuation, 5 - mp end
> next 2 bytes are for the number of bytes of data there is in the data
> next 1 or 2 bytes is the message ID
> then the data sections
>
> And so the data sections are submessages, which can get cut off in the
> middle if it's a 3/4 packet type. There is a count section for the
> submessage that says how many bytes the submessage is, so I can compare
> that to the total count and can figure out how many bytes will be in
> the next message. When it's a 4 or 5 packet type, the layout is:
>
> packet type, 1 byte
> number of bytes, 2 bytes
> bytes from last packet,
> ...
>
> The way I dissect is to take the buffer after the packet type/data
> count part (first 3 bytes) and send it to a dll to be decoded. I was
> thinking if I could take the first buffer and hold onto it so that I
> can put it after the second packet's type/data count part, etc, and keep
> appending the buffer till the 05, and then send that to be decoded.
> Would this be possible? I am looking for a way to hold onto the buffer
> from the 03 packet type, amend the 04 packet type buffers and finally
> have the whole buffer from the 03, 04's, and 05 messages combined into
> one large buffer. I hope this is clear.
> I read
> http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html,
> but that's not quite what I'm looking for, I don't think.
>
> Thanks for any help,
> Greg
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-
> [email protected]?subject=unsubscribe
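The buffer-and-append approach asked about above, as stand-alone C with the bounds checks a dissector needs on untrusted capture data (an added example, not code from this thread or from Wireshark). It assumes a big-endian count covering every byte after the 3-byte header; `reasm_t`, `reasm_feed` and the `MP_MAX` cap are hypothetical names, and a real dissector would keep this state per conversation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MP_MAX 65536  /* assumed cap on one reassembled message */
enum { PT_MP_START = 3, PT_MP_CONT = 4, PT_MP_END = 5 };
enum { RA_ERROR = -1, RA_NONE = 0, RA_PENDING = 1, RA_COMPLETE = 2 };

typedef struct { uint8_t buf[MP_MAX]; size_t len; int active; } reasm_t;

/* Feed one packet; on RA_COMPLETE, r->buf[0..r->len) is the combined buffer. */
int reasm_feed(reasm_t *r, const uint8_t *pkt, size_t n)
{
    if (n < 3) return RA_ERROR;                      /* truncated header */
    uint8_t type = pkt[0];
    size_t dlen = ((size_t)pkt[1] << 8) | pkt[2];    /* assumed big-endian count */
    if (dlen > n - 3) return RA_ERROR;               /* count exceeds captured bytes */
    if (type == 1 || type == 2) return RA_NONE;      /* heartbeat / single data packet */
    if (type == PT_MP_START) {
        r->len = 0;                                  /* drop any unfinished message */
        r->active = 1;
    } else if (type != PT_MP_CONT && type != PT_MP_END) {
        return RA_ERROR;                             /* unknown packet type */
    } else if (!r->active) {
        return RA_ERROR;                             /* 04/05 with no preceding 03 */
    }
    if (dlen > MP_MAX - r->len) {                    /* would overflow the buffer */
        r->active = 0;
        return RA_ERROR;
    }
    memcpy(r->buf + r->len, pkt + 3, dlen);          /* append payload after header */
    r->len += dlen;
    if (type != PT_MP_END) return RA_PENDING;
    r->active = 0;
    return RA_COMPLETE;
}

int main(void)
{
    /* Constructed sample packets: "AB" + "CD" + "EF" split across 03/04/05. */
    static const uint8_t p3[] = {3, 0, 2, 'A', 'B'}, p4[] = {4, 0, 2, 'C', 'D'},
                         p5[] = {5, 0, 2, 'E', 'F'};
    static reasm_t r;
    int a = reasm_feed(&r, p3, sizeof p3), b = reasm_feed(&r, p4, sizeof p4);
    int c = reasm_feed(&r, p5, sizeof p5);
    printf("%d %d %d -> %.*s\n", a, b, c, (int)r.len, (const char *)r.buf);
    return 0;
}
```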
