Merlin Hooze wrote:
For a disector plugin, if the fixed length part of the message is
split across tcp segments, can wireshark reassemble it?
It should be able to do so. If not, that's a bug. (That's why the size
of the fixed-length part of the message is passed as an argument to
tcp_dissect_pdus()).
There were, in at least some Wireshark releases, bugs that caused that
not to work correctly. Try it with the latest version of Wireshark,
and, if it doesn't work, file a bug on bugs.wireshark.org, preferably
with a sample capture file that demonstrates the bug (just include
enough packets to demonstrate the problem - you can throw all other
packets away, as long as loading the resulting capture shows the problem).
Or the plugin needs to take care of it once the tcp_dissect_pdus() functin returns.
Any examples available to handle this ?
Just use tcp_dissect_pdus() - it should just handle this; you don't need
to do anything special, just pass the length of the fixed-length part of
the message.