Wireshark-dev: Re: [Wireshark-dev] Troubles With Reassembly

Date: Wed, 22 Apr 2009 14:34:53 +0000
>So is the length field in the BNP header the length of:
>
>	the message that comes after the BNP header;
>
>	the message plus the BNP header (i.e., the length of the message, plus 3 for the 3-byte BNP header);
>
>	something else?

The length of the BNP Header is just the data after it. 

| BNP Header    |                     BNP Data                                     |
| id | cou | nt | msg id | info el | em id | ie cluster | ie c | ount | more ie... |

| | being a byte (if this comes out fine )

but the bytes of the header are not included in any count.

>In other words, you have *two* levels of reassembly:
>
>	1) the protocol runs atop TCP, so the BNP header+message could be split between TCP segments;
>
>	2) some higher-level stuff can be split across multiple BNP messages with the multimessage stuff?
>
>If so, the stuff under 1) can probably be done with tcp_dissect_pdus() (depending on the answer >to my question above), and the stuff under 2) would be at a completely different level and would >require that you do your own reassembly.

i tried using tcp_dissect_pdus, but when i go to dissect, my actual dissection function doesnt dissect the whole packet at once, it only sends one BNP at a time. I looked into using fragment_add+seq_check and process_reassembled_data from looking at packet-tipcs.c, except i'm really confused on the concept of doing my own reassembly. 

Thanks,

Greg