Wireshark-dev: Re: [Wireshark-dev] composite tvbuffs

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Scott Mueller" <smueller@xxxxxxxxxxx>
Date: Fri, 24 Sep 2010 17:33:25 -0700
Hello Stephen,

Thank you for your response. I'm working with a multi-layered protocol
that relies on TCP/IP, and in some cases the contiguous payload that I
need to work with is spread out across several well-formed messages. In
each of these messages, I parse out the headers in order to determine
whether the payload contains all of the necessary information to
dissect, or if I need to aggregate payloads from further messages,
reassemble these, and then dissect when I have everything. I might be
working with very large messages when adding stress to the software that
generates this data, so I'm just trying to avoid allocating everything
in a very large contiguous block.

Thanks again,

M. Scott Mueller

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
Sent: Friday, September 24, 2010 5:23 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] composite tvbuffs

On Fri, Sep 24, 2010 at 01:12:17PM -0700, Scott Mueller wrote:

> I have messages that are split up on a size boundary

What exactly do you mean?  That within a captured packet in Wireshark, 
each message you need to dissect starts a certain byte positions or...?

> This is great, because I then pass this into tvb_new_real_data and 
> then dissect those "large" tvbuffs.

Or do they need to be reassembled across multiple packets?

> Searching through the tvbuff.h header led me to the tvb_*composite* 
> functions. Further searches on those functions resulted in an 
> uncertainty as to whether or not these work.

I started to try using those quite a while back and didn't determine 
that they worked either, but I ended up needing to do my code a 
different way anyway.
________________________________________________________________________
___
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe