On Feb 22, 2009, at 12:19 PM, יוני תובל wrote:
i mean , should i expect that my dissection logic receive an
asembled buffer from the tcp_dissect_pdus?
For protocols running over TCP and using tcp_dissect_pdus(), you need,
in effect, two dissectors:
1) the dissector called from the TCP dissector, which receives raw
TCP segments, and calls tcp_dissect_pdus();
2) the dissector called from tcp_dissect_pdus(), which receives
reassembled messages.
See, for example, the DNS dissector, in packet-dns.c; the first
dissector is
static void
dissect_dns_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tcp_dissect_pdus(tvb, pinfo, tree, dns_desegment, 2, get_dns_pdu_len,
dissect_dns_tcp_pdu);
}
and the second dissector is
static void
dissect_dns_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree
*tree)
{
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
dissect_dns_common(tvb, pinfo, tree, TRUE, FALSE, FALSE);
}
where "dissect_dns_common()" dissects a DNS message. The DNS-over-UDP
dissector does
static void
dissect_dns_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "DNS");
dissect_dns_common(tvb, pinfo, tree, FALSE, FALSE, FALSE);
}
The first of the 3 Boolean arguments to dissect_dns_common() specifies
whether this is DNS-over-UDP or DNS-over-TCP; for DNS-over-TCP, it
assumes the message starts with a DNS-over-TCP header (with the
message length), and dissects that as well.
If your protocol runs *only* over TCP, your second dissector could do
all the dissection work, rather than calling a common routine.