Wireshark · Wireshark-dev: [Wireshark-dev] Multiple pdus atop TCP -- a lie in README.developer?

Wireshark-dev: [Wireshark-dev] Multiple pdus atop TCP -- a lie in README.developer?

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>

Date: Wed, 31 Jan 2007 19:39:36 +0000

Hi,

I'm trying to write a dissector for a protocol which consists of aseries of small (160 bytes or so) PDUs, over TCP. That obviously meansthat PDUs can span TCP segment boundaries, and each TCP segment cancontain several PDUs.

README.developer (section 2.7.2) implies that I can just dissect one PDUat a time, update pinfo->desegment_offset and pinfo->desegment_len, andthe TCP dissector will call my dissector for each PDU: "Wireshark allowsdissectors to process PDUs in an idempotent way--dissectors only need toconsider one PDU at a time"

However, when I do this, only the first PDU in each TCP segment isdissected.

Obviously, I can work around it by looping over the entire segment, butI'm curious - is what README.developer says just a complete lie? Am Idoing something wrong?

(I don't want to use tcp_dissect_pdus as this protocol can run over amyriad other protocols than TCP.)

Thanks,

--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Telephony Gateways Project Manager
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com

Follow-Ups:
- Re: [Wireshark-dev] Multiple pdus atop TCP -- a lie in README.developer?
  - From: Anders Broman

Prev by Date: [Wireshark-dev] New dissector - FMP
Next by Date: Re: [Wireshark-dev] Multiple pdus atop TCP -- a lie in README.developer?
Previous by thread: [Wireshark-dev] New dissector - FMP
Next by thread: Re: [Wireshark-dev] Multiple pdus atop TCP -- a lie in README.developer?
Index(es):
- Date
- Thread