Hi list.
Why are there so many "interesting" things to do and so little time?
I was thinking a bit more on the "problem" I experience with NFS over TCP,
namely that the READ/WRITE commands
are spread across several TCP segments, and ethereal only dissects the first
such segment (where the RPC header is).
One possible solution to "desegment" packets over TCP would be to add an API
in dissect-tcp.c where upper layer
protocols can ask the tcp-dissector to memcpy() all interesting segments
into a buffer and then call a callback (dissect-rpc())
for when the buffer is completely filled?
Theory of operation:
(if option Reassemble RPCoverTCP commands is TRUE)
Assume one RPC command spans30 bytes and 3 TCP segments :
1, sequence#10-19
2, sequence#20-29
3, sequence#30-39
The tcp-dissector would process packet 1 and since it is not associated with
any reassembly requests it would
call dissect-rpc. dissect-rpc would se that this packet only contains 10
bytes, but the rpc header says that the entire
command is 30 bytes, so instead of dissecting the packet dissect-rpc will
g_malloc() a 30 byte buffer and call
tcp-reassembly-init(from==10, to==39), tcp-reassembly(current-packet).
When the tcp dissector sees packet 2, it knows that this is a session which
we want to reassemble so we memcpy()
the current packet to the buffer for this session.
When the tcp dissector sees packet 3, it knows that this is a session which
we want to reassemble so we memcpy()
the current packet to the buffer for this session.
Now it also sees that the entire packet has been reassembled and therefore
it is now ok to call the next dissector
in the same way as ip reassembly does. dissect-rpc() will now be called.
This would work quite similar to how say the ip reassembly currently works,
but for TCP (for the dissectors which requests so).
Comments, would this be a useful approach?
best regards
ronnie s