Hi,

I'm trying to write a new dissector for a protocol used by a piece
of software we've developed, and I'm encountering some difficulty
getting tcp_dissect_pdus() to reassemble packets.

The software that communicates using the protocol is sending the
first four octets (an octet count of the remainder of the message) in
a separate TCP packet, and I'd like to be able to reassemble the two
packets into one for my dissector. However, tcp_dissect_pdus() doesn't
seem to be doing that job: it complains that the first, short, packet
was truncated during capture, and then goes on to treat the second
packet as a new protocol message (leading to a faulty dissection).

An example dump of a network message is here [1].

The code I'm using to do the dissection is at [2], running as a
plugin, and I'm using the Wireshark 1.0.2 sources from Debian stable
("lenny") as a development platform.

Hugo.

[1] http://acet.rdg.ac.uk/~hrm/files/temp/necho-single-message.dump
[2] http://acet.rdg.ac.uk/~hrm/files/temp/packet-tycho.c
--
Hugo Mills Research Fellow, ACET group,
Systems Engineering, University of Reading.
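
The framing described in the message above (a four-octet count in its own TCP segment, the body in the next), as an added standalone C model of length-prefixed reassembly; it is not the poster's packet-tycho.c and does not use the Wireshark API. Assumptions: the count is big-endian, and struct framer, framer_feed and the MAX_PDU cap are hypothetical names and values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4        /* the four-octet count described in the post */
#define MAX_PDU 65536u   /* assumed sanity cap; not from the post */

/* Hypothetical per-connection, per-direction reassembly state. */
struct framer {
    uint8_t buf[HDR_LEN + MAX_PDU];
    size_t  have, pdus, last_body_len;  /* buffered octets, messages, last size */
};

/* Assumption: the count is big-endian and excludes the header itself. */
static uint32_t body_len(const uint8_t *h)
{
    return ((uint32_t)h[0] << 24) | ((uint32_t)h[1] << 16) |
           ((uint32_t)h[2] << 8) | (uint32_t)h[3];
}

/* Feed one TCP segment payload; returns messages completed so far,
 * or -1 if a header announces more than MAX_PDU octets. */
int framer_feed(struct framer *f, const uint8_t *seg, size_t n)
{
    while (n > 0) {
        /* Short header: want only its remainder. Full header: want the body too. */
        size_t want = HDR_LEN + (f->have >= HDR_LEN ? body_len(f->buf) : 0);
        size_t take = want - f->have < n ? want - f->have : n;
        memcpy(f->buf + f->have, seg, take);
        f->have += take; seg += take; n -= take;
        if (f->have < HDR_LEN) continue;          /* still waiting for the count */
        uint32_t len = body_len(f->buf);
        if (len > MAX_PDU) { f->have = 0; return -1; }  /* reject before buffering */
        if (f->have == HDR_LEN + (size_t)len) {
            f->last_body_len = len; f->pdus++; f->have = 0;  /* message complete */
        }
    }
    return (int)f->pdus;
}

int main(void)
{
    static struct framer f;                       /* zero-initialised */
    const uint8_t count[] = {0, 0, 0, 5};         /* constructed: header alone */
    const uint8_t body[]  = {'h', 'e', 'l', 'l', 'o'};
    printf("after header: %d\n", framer_feed(&f, count, sizeof count));
    printf("after body:   %d\n", framer_feed(&f, body, sizeof body));
    return 0;
}
```

The header-only segment leaves the message count unchanged, and the message completes only when the body segment arrives.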