Hi All,

Has the de-chunking of SCTP within Wireshark been attempted yet? I noticed some old conversations in the mailing list in this regard, but nothing concrete has turned up yet.

While trying to do this in tshark, I have tried calling tshark's process_packet() function from the packet-sctp.c file in dissectors, but got nowhere due to linking issues.

I feel the way to do this would be:

1) Create a global copy of the entire frame at the initial stage. (Is there any other way to access the entire frame structure from packet-sctp, where ultimately the decision whether to do de-chunking or not would be made?)
2) In case there are several chunks in the packet, allow the completion of processing till the first chunk and create composite tvbs consisting of eth+ip+sctp_header+remaining_individual_chunks.
3) Correct IP checksums and length in the composite tvb.
4) Process these tvbs individually. (Is this possible with the rule to have a single capture file at a time? Can a capture file structure be modified on the fly?)

Is the above process doable without breaking the Wireshark/tshark processing structure? Can anybody suggest a better solution...

Vineeth
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
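Steps 2 and 3 of the procedure proposed above, worked on raw frame bytes outside Wireshark, as an added example that is not part of the original post and is not Wireshark code. It assumes untagged Ethernet II over IPv4; the function names and the sample frame are constructed for illustration. It also recomputes the SCTP CRC32c, which the steps do not mention but which changes as soon as chunks are dropped from the packet.

```python
import struct

ETH_LEN, SCTP_HDR_LEN = 14, 12   # assumption: untagged Ethernet II; SCTP common header

def ip_checksum(hdr):
    """RFC 1071 header checksum, treating the checksum field (word 5) as zero."""
    words = struct.unpack("!%dH" % (len(hdr) // 2), hdr)
    total = sum(words) - words[5]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def crc32c(data):
    """Bitwise CRC32c (Castagnoli), the checksum carried in the SCTP common header."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF

def dechunk(frame):
    """Return one eth+ip+sctp_header+chunk frame per chunk; [] if the headers are bad."""
    if len(frame) < ETH_LEN + 20:
        return []
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, ETH_LEN + 2)[0]
    if ihl < 20 or total_len < ihl + SCTP_HDR_LEN or ETH_LEN + total_len > len(frame):
        return []
    sctp = frame[ETH_LEN + ihl:ETH_LEN + total_len]
    off, frames = SCTP_HDR_LEN, []
    while off + 4 <= len(sctp):
        clen = struct.unpack_from("!H", sctp, off + 2)[0]
        if clen < 4 or off + clen > len(sctp):
            break                                   # malformed length: stop, never spin or over-read
        chunk = sctp[off:off + clen] + bytes(-clen % 4)       # chunks are padded to 4 bytes
        seg = bytearray(sctp[:8] + bytes(4) + chunk)          # common header, checksum zeroed
        seg[8:12] = struct.pack("<I", crc32c(bytes(seg)))     # CRC32c, least significant byte first
        ip = bytearray(frame[ETH_LEN:ETH_LEN + ihl])
        struct.pack_into("!H", ip, 2, ihl + len(seg))         # step 3: corrected IP total length
        struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))  # step 3: corrected IP checksum
        frames.append(frame[:ETH_LEN] + bytes(ip) + bytes(seg))
        off += len(chunk)
    return frames

def sample_frame():
    # Constructed input: a type-3 chunk of 8 bytes, then a type-0 chunk of 7 bytes plus 1 pad byte.
    sctp = struct.pack("!HHII", 5000, 5001, 0x11223344, 0) + b"\x03\x00\x00\x08WXYZ" + b"\x00\x03\x00\x07QRS\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(sctp), 1, 0, 64, 132, 0, b"\x0a\0\0\1", b"\x0a\0\0\2")
    return bytes(12) + b"\x08\x00" + ip + sctp
```

The input frame's own IP and SCTP checksums are not validated here; only the rebuilt frames carry recomputed values.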
