Wireshark-dev: Re: [Wireshark-dev] Reassemble serial protocols payloads

From: Tomasz Moń <desowin@xxxxxxxxx>
Date: Sat, 11 Jul 2020 11:20:53 +0200
On Sun, Jul 5, 2020 at 5:05 PM Tomasz Moń <desowin@xxxxxxxxx> wrote:
> I am not sure if the approach I am pursuing is good or bad. The work
> in progress I have produced so far is at [1]. I am stuck at the point
> where, I need to either:
>   * pass the "partially reassembled" tvb to MPSSE to check if it is complete, or

This is what I actually implemented in Patch Set 7 [1]. The only issue
is that I am hijacking the pinfo->curr_layer_num value to make
process_reassembled_data() happy.

FTDI FT dissector doesn't know if the last fragment is really the last
one unless it passes the data to the next dissector. There is
absolutely no metadata that could help with it as FTDI FT is pretty
much a direct replacement to UART (COM port) and is pretty much
transparent to the actual serial protocol used.

Passing the data to the MPSSE dissector results in curr_layer_num
being increased if it dissected the data (when it is the last
fragment). This would prevent the process_reassembled_data() (after
the first pass) from returning the reassembled tvb in FTFI FT which in
turn prevents the data from being passed to the next dissector.

>   * mark the data as reassembled as soon as I receive X additional
> bytes, but then after passing such reassembled data to MPSSE, it
> should be possible to "unmark" in case it needs even more bytes (in
> case the original estimate changes based on the new information).

I have had no success with this approach.

[1] https://code.wireshark.org/review/37709