Wireshark-dev: Re: [Wireshark-dev] reasebling packets - dissector question

From: יוני תובל <yoni6666@xxxxxxxxx>
Date: Mon, 23 Feb 2009 00:30:57 +0200
thanks , that's helpful .

one last question ,
beside the integration of " tcp_dissect_pdus(); " into my dissection code ,
Should i also manage the flags , or offsets in the "pinfo"   struct ?
does tcp_dissect_pdus(); damand any managment outside besides the get_length method
?

thanks



2009/2/23 Guy Harris <guy@xxxxxxxxxxxx>

On Feb 22, 2009, at 2:14 PM, יוני תובל wrote:

> what length exactly shoild  i return in the "get_len" function .
> Do i need to return the expecte length of the PDU ?

Yes.  That lets tcp_dissect_pdus() know how much data needs to be
assembled.

> and if so , what is the definition of the PDU (application layer
> data + header , or only data )

The PDU (obviously) doesn't include TCP or IP or link-layer headers
(given that PDUs for protocols running over TCP can be split across
TCP segments), but it does include all the fields for the protocol
running on top of TCP - including any header that gives the length of
the PDU (for protocols, such as DNS, that run over TCP and packet-
oriented transport layers such as UDP).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe