Hi,
On Thu, Aug 15, 2013 at 03:57:07PM +0200, Hardik Patel wrote:
> I am creating dissector plugin. Trace which i have capture is compressed by
> zlib.
>
> I have two option
> 1)write own decompress function using zlib
> 2) to use tvb_uncompress() function of wireshark
>
> Both have issue if compress packet is over multiple frame.
>
> wireshark tvb_uncompress() function work only from frame which have zlib
> header which is obvious case.
Nope, AFAIK gzip header is also supported :)
> is there any particular method to save all these bytes in buffers till i
> got complete data so i can start decompressor.
Reassembly api (fragment_add, fragment_add_seq) or composite tvb use with conversations or
if your protocol is running atop TCP you can use DESEGMENT_ONE_MORE_SEGMENT :)
just a keywords, but hope that helps.
Cheeeeers,
Kuba.