On Apr 20, 2009, at 8:19 AM, [email protected] wrote:

> There are 3 headers
>
> BNP: uses one byte to tell if message is heartbeat, data, multi  
> message start, multi message middle, multimessage end. And 2 bytes  
> for the count of the data.
>
> Message: 1 or 2 bytes after the BNP header. There is only 1 message  
> per BNP.

> SubMessages: 1 or 2 bytes for ID, 1 byte for cluster, 1 or 2 bytes  
> for data count. There are many submessages under a Message.
>
> In a packet, there can be many BNP messages (1 BNP message carries 1  
> Message which has many subMessages).

So is the length field in the BNP header the length of:

        the message that comes after the BNP header;

        the message plus the BNP header (i.e., the length of the message,  
plus 3 for the 3-byte BNP header);

        something else?

> I’m also running into problems with my multi messages. How they work  
> is that when it’s a multimessage start, it has a BNP header, a  
> Message header, and then goes into complete Submessage information.  
> If it is a multimessage middle, it has a BNP header, then goes into  
> complete multimessage information. If it is a multimessage end, it  
> has a BNP header, message header, and complete Submessage information.
> What I want to do is to take the whole message start buffer and  
> save it somehow, then append on just the submessage part of the  
> middle and end, then send it to be dissected.

In other words, you have *two* levels of reassembly:

        1) the protocol runs atop TCP, so the BNP header+message could be  
split between TCP segments;

        2) some higher-level stuff can be split across multiple BNP messages  
with the multimessage stuff?

If so, the stuff under 1) can probably be done with tcp_dissect_pdus()  
(depending on the answer to my question above), and the stuff under 2)  
would be at a completely different level and would require that you do  
your own reassembly.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
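
The first level of reassembly discussed in the message above depends on what the BNP count field covers. The following is an added example, not part of the original message or of Wireshark's code: it frames the same byte stream under both readings of the count and refuses a count that could not make progress. The function names, the big-endian byte order, and the sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BNP_HDR_LEN 3  /* 1 type byte + 2 count bytes, as described in the post */

/* Total on-wire length of the BNP PDU starting at buf.
 * Returns 0 if the header is incomplete, -1 if the count is impossible.
 * Assumption: the 2-byte count is big-endian (the post does not say). */
long bnp_pdu_len(const uint8_t *buf, size_t avail, int count_includes_hdr)
{
    if (avail < BNP_HDR_LEN)
        return 0;
    long count = ((long)buf[1] << 8) | buf[2];
    if (!count_includes_hdr)
        return count + BNP_HDR_LEN;
    return count >= BNP_HDR_LEN ? count : -1; /* shorter than its own header */
}

/* Count the complete PDUs in a stream. *consumed is the number of bytes
 * framed; trailing bytes wait for the next TCP segment. -1 = malformed. */
int bnp_split(const uint8_t *buf, size_t avail, int count_includes_hdr,
              size_t *consumed)
{
    size_t off = 0;
    int n = 0;
    *consumed = 0;
    while (off < avail) {
        long len = bnp_pdu_len(buf + off, avail - off, count_includes_hdr);
        if (len < 0)
            return -1;
        if (len == 0 || (size_t)len > avail - off)
            break;                      /* PDU continues in a later segment */
        off += (size_t)len;             /* len >= 3, so the loop always advances */
        n++;
        *consumed = off;
    }
    return n;
}

/* Constructed sample; type byte 0x01 is a placeholder, not a real BNP value. */
const uint8_t sample[] = { 0x01, 0x00, 0x05, 0xAA, 0xBB, 0x01, 0x00, 0x04, 0xCC };

int main(void)
{
    size_t used;
    int n = bnp_split(sample, sizeof sample, 0, &used);
    printf("count = message only:     %d PDU(s), %zu bytes\n", n, used);
    n = bnp_split(sample, sizeof sample, 1, &used);
    printf("count = header + message: %d PDU(s), %zu bytes\n", n, used);
    return 0;
}
```

The same nine bytes frame as one PDU plus a leftover byte under one reading and as two complete PDUs under the other, which is why the length question has to be settled before the framing can be written.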
