Hey Roland, [moved quote downwards for context]
On Wed, Feb 07, 2018 at 03:59:52PM +0100, Roland Knall wrote: > On Wed, Feb 7, 2018 at 3:57 PM, Jeff Morriss <[email protected]> > wrote: > > > On Wed, Feb 7, 2018 at 9:38 AM, Roland Knall <[email protected]> wrote: > > > >> Hi > >> > >> Just a short question. > >> > >> I have a protocol, which transports information via TCP. Now we have a > >> segmented download via this protocol, which in turn is a TCP segmented > >> transfer. > >> > >> I can desegment_tcp_pdus, and end up with a couple of messages with the > >> bigger blocks, which I now need to desegment further. > >> > >> I am at a loss on how to do that, does anyone have an idea? In C I would > >> use taps and display the final files somewhere else (not in the packet > >> stream), but not really have an idea on how to do this in LUA. > >> > > > > In C you could also use dissect_tcp_pdus() and get the (reassembled) > > packet in your dissector and dissect that. > > > > Yeah, the issue is, that the result of dissect_tcp_pdus is segmented, and I > need to desegment on top of that. In C I would face the same issue, and > there I would move to taps, as I do not need the info live The problem with dissect_tcp_pdus (and desegment_offset/desegment_len) is that it prevents the dissection from displaying until everything is available. In C, the reassembly API (epan/reassemble.h) could potentially be used for more control over when the dissection is displayed, but the API can be hard to use. This API is not exposed to Lua, I guess that in Lua the best you can do now given the current API limitations is to store fragments in a global variable (register a cleanup routine to clear this variable when a packet capture file closes). -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
