[Guy Harris <guy@xxxxxxxxxxxx>]

On Oct 29, 2003, at 5:20 PM, Igor Cananéa wrote:

> Hi. I'm developing a protocol dissector for DNP version 3. It 
> implements a data link layer protocol over TCP/IP

C00l!  Could you give me the IP address of your local electrical power 
substation?  Let me see if I can 0wnz0r it.... :-)

>  (because it was initially used over serial lines) and an aplication 
> layer protocol. I've finished the data link layer dissector but I'm 
> having trouble with the ap layer. The dll divides the ap messages in 
> 252 byte packets. I need to reassemble them in the ap dissector so the 
> data can make any sense. How can I do that?

There's a fairly general (but not yet documented) set of routines in 
the "reassemble.c" file in the top-level source directory; there are 
several types of fragmentation, so there are several types of 
reassembly supported by it.

How is the fragmentation done?  In particular, presumably there's 
something in either the data link layer or the application layer that 
has some indication that a packet is fragmented, and some way of 
indicating which fragment of a fragmented packet a particular data link 
layer is; how is that done?  Given that, we might be able to indicate 
what sort of reassembly needs to be done (and to indicate what other 
dissector does similar reassembly), or discover that we need to support 
another form of reassembly and add that to reassemble.c.