On Fri, Jul 27, 2007 at 10:14:51AM -0400, yin sun wrote:
> The other way is, as I know the whole TCP stream is dedicated for this
> java object stream, so in theory I just need to reassemble all of them
> into one big buffer. Then the question is,
> 1. for static file (packets captured already), is there a function to
> reassemble all tcp packets into one buffer? (similar to trace tcp
> stream)
You can reassemble all TCP segments up to the segment with the FIN bit
set by using the method of TCP reassembly mentioned in section 2.7.2 of
doc/README.developer. The one change you need to make to that sample
code is to change DESEGMENT_ONE_MORE_SEGMENT to DESEGMENT_UNTIL_FIN.
> 2. for live capture, can I do this. When my plugin is decoding, the
> buffer is growing as well to append all incoming packets.
The method above will work the same for packets in a capture file as
well as during a live capture.
Steve