Hi Anders, Thanks for the prompt reply. I will give it a try.
Thanks again, Juanjo On Thu, Mar 19, 2015 at 4:23 PM, Anders Broman <[email protected]> wrote: > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Juan Jose Martin > Carrascosa > *Sent:* den 19 mars 2015 16:05 > *To:* Developer support list for Wireshark > *Subject:* [Wireshark-dev] Issue with dissector on top of TCP > > > > Hi all, > > > > I am writing a dissector on top of TCP (let's call it Wrapper). For a > given TCP segment, I see that the payload length is 1460 bytes. Within > those bytes, I have messages of my Wrapper protocol. The message length of > my protocol for those messages is 72 bytes. > > > > This is, 20 x messages = 1440. The remainder is 20 bytes. And those 20 > bytes are not being dissected nor used at all. (I have verified all this > information). Those 20 messages are the beginning of a new Wrapper message, > but the message is not completed in that segment. > > > > The issue is that the next TCP segment starts 20 bytes later, and thus, it > results in dissection errors since that packet, making Malformed Packets or > not dissected packets almost everything. > > > > I would need to know which is the proper way to let TCP know that those 20 > bytes have to be used for the next segment. > > > > Do I have to do anything with the tvb? or on the other hand I have to play > with the return value? > > > > I have spent already a lot of hours on this and can't figure it out. I > hope anyone has any advice for this. > > > > Thanks, > > Juanjo > > > > See doc/README.dissector > > > > 2.7 Reassembly/desegmentation for protocols running atop TCP. > > > > Section 2.7.1 Using tcp_dissect_pdus(). Should probably work for you. > Grep for tcp_dissect_pdus in the sources to find multiple examples on how > to use it… > > > > Regards > > Anders > > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
