Hi,
I'm trying to write a dissector for a protocol which consists of a
series of small (160 bytes or so) PDUs, over TCP. That obviously means
that PDUs can span TCP segment boundaries, and each TCP segment can
contain several PDUs.
README.developer (section 2.7.2) implies that I can just dissect one PDU
at a time, update pinfo->desegment_offset and pinfo->desegment_len, and
the TCP dissector will call my dissector for each PDU: "Wireshark allows
dissectors to process PDUs in an idempotent way--dissectors only need to
consider one PDU at a time"
However, when I do this, only the first PDU in each TCP segment is
dissected.
Obviously, I can work around it by looping over the entire segment, but
I'm curious - is what README.developer says just a complete lie? Am I
doing something wrong?
(I don't want to use tcp_dissect_pdus as this protocol can run over a
myriad other protocols than TCP.)
Thanks,
--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Telephony Gateways Project Manager
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com