Wireshark-dev: Re: [Wireshark-dev] Reassembling IPP info through USB

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Thu, 9 Jul 2020 06:24:07 +0000

-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of Guy 
Harris
Sent: den 9 juli 2020 04:00
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Reassembling IPP info through USB

On Jul 8, 2020, at 6:06 PM, Jamie Hare <jamie.n.hare@xxxxxxxxx> wrote:

> I am attempting to create a dissector for IPP over USB and am running into 
> some issues with the reassembly. I first thought that I could just use a 
> reassembly table but with the way the dissectors are run multiple times is 
> it necessary to create a PDU/tap combo like TCP or UDP?

Taps are not used for reassembly of PDUs that cover multiple TCP segments or 
multiple UDP datagrams, so taps are not necessary for reassembly of 
IPP-over-USB.

You *do* need to make sure that, in the first pass over the packets, the 
results of the reassembly are saved, just as happens with reassembly with 
other packets, so that, when packets are looked at, in a possibly random 
order, after the first pass, it can be determined where the packet in question 
resides within the reassembled IPP message.

pinfo->fd->visited can be used to track if it's the first pas or not. If you 
search for it in the code you can find how it is used with reassembly in 
many(all) cases.
Regards
Anders
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: smime.p7s
Description: S/MIME cryptographic signature