On Aug 14, 2009, at 1:56 PM, Susan Ditmore wrote:

I am developing a packet dissector plugin for Wireshark. The packets
I am dissecting do not specify their length in their header, but
they are terminated by a special character (and can be a variable
length). Additionally, multiple complete packets of the protocol may
arrive in one TCP segment. I would like to know how to tell
Wireshark to divide up these packets. I understand there is a
command called tcp_dissect_pdus(), but I believe it needs the length
specified in the header. Is this correct?

Yes, it's correct.

There are many different ways of putting messages into a byte stream,
so that the receiver can carve the byte stream up.

One of them is to begin each message with a header that includes a
message length, or that includes data (such as a message type) from
which the message length can be inferred; tcp_dissect_pdus() handles
that case. It does not handle other cases, as they have to be handled
in a very different fashion.

You might look at req_resp_hdrs_do_reassembly() in
epan/req_resp_hdrs.c for code that handles a similar case - the headers for
protocols such as HTTP continue up to a blank line.
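
The carve-up described in this thread, as an added stand-alone C example that is not part of the original messages and is not Wireshark code: it splits one TCP payload into terminator-delimited PDUs and reports where an incomplete tail begins. In a dissector that tail offset is what would go into `pinfo->desegment_offset`, with `pinfo->desegment_len` set to `DESEGMENT_ONE_MORE_SEGMENT`; the function and type names, the terminator byte and the length cap are all assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and values; the real protocol's terminator goes here. */
#define PDU_TERMINATOR '\n'
#define MAX_PDU_LEN    4096  /* assumed cap: a missing terminator must not grow reassembly forever */

typedef struct { size_t offset, length; } pdu_span;  /* length includes the terminator */
typedef enum { CARVE_DONE, CARVE_NEED_MORE, CARVE_TOO_LONG } carve_status;

/*
 * Record every complete PDU in buf[0..len). *tail is the first unconsumed byte:
 * on CARVE_NEED_MORE it is where the partial PDU starts, on CARVE_TOO_LONG it is
 * the PDU to treat as malformed. If out fills up, CARVE_DONE is returned with
 * *tail < len and the caller continues from *tail.
 */
carve_status carve_pdus(const unsigned char *buf, size_t len,
                        pdu_span *out, size_t max_out, size_t *count, size_t *tail)
{
    size_t pos = 0;
    *count = 0;
    while (pos < len && *count < max_out) {
        const unsigned char *end = memchr(buf + pos, PDU_TERMINATOR, len - pos);
        size_t pdu_len = end ? (size_t)(end - (buf + pos)) + 1 : len - pos;
        if (pdu_len > MAX_PDU_LEN) { *tail = pos; return CARVE_TOO_LONG; }
        if (end == NULL)           { *tail = pos; return CARVE_NEED_MORE; }
        out[*count].offset = pos;
        out[*count].length = pdu_len;
        (*count)++;
        pos += pdu_len;
    }
    *tail = pos;
    return CARVE_DONE;
}

int main(void)
{
    /* Constructed segment: two complete PDUs followed by a partial third. */
    const unsigned char seg[] = "LOGIN a\nPING\nDATA par";
    pdu_span spans[8];
    size_t n, tail;
    carve_status st = carve_pdus(seg, sizeof seg - 1, spans, 8, &n, &tail);
    for (size_t i = 0; i < n; i++)
        printf("PDU %zu: offset %zu, length %zu\n", i, spans[i].offset, spans[i].length);
    if (st == CARVE_NEED_MORE)
        printf("need more data, partial PDU starts at offset %zu\n", tail);
    return 0;
}
```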