Title: calculating PDU size of TCP message
I have a TCP message (that I reverse engineered) that contains blocks of the following type:
-------------
| Data Type | 4 bytes
-------------
| Payload Len | 4 bytes
-------------
| Checksum | 4 bytes
-------------
| Data | = Payload Len
-------------
(repeats)
Since I did not know about the underlying structure, I used tcp_dissect_pdus with a TCP header length of 12 bytes to be able to read a single block.
tcp_dissect_pdus(tvb, pinfo, tree, desegment_tcp_messages,
TCP_PAYLOAD_HDR_LENGTH,
get_tcp_pdu_len,
dissect_tcp_pdu);
I have discovered that in general, this application layer message can have multiple blocks, and I have something that looks like the following:
Frame
Ethernet II
Internet Protocol Version 4
Transmission Control Protocol
Application Protocol
Application Protocol
Application Protocol
...
It's ok, but ideally, I would like to place all of these blocks into a single root layer like the following:
Frame
Ethernet II
Internet Protocol Version 4
Transmission Control Protocol
Application Protocol
Block 1
Block 2
Block ...
Block N
It does not appear that I can use the normal PDU dissection to arrange that because I do not have an overall message size in a fixed header, I have to read each block individually and sum the payload lengths. >From the README.developer guide, it looks like I need to do something like in section 2.7.2, but I'm having a hard time adapting its example to my scenario.
Can someone point me to a dissector that already implements something similar to what I need, or give a simple loop on how to get the dissector to do what I want?
Thanks,
John Dill