Hi Martin,
Good question. That is currently not possible. Also, this would also have to work with live capture, so we’re currently at the end of file, but it’s being extended with the packets we’re waiting for. At least that’s what I quickly can come up with.
Thanks,
Jaap
> On 19 Sep 2024, at 14:46, Martin Dubuc <martind1111@xxxxxxxxx> wrote:
>
> I am writing a dissector that uses tcp_dissect_pdus to reassemble messages that span multiple packets. The get_pdu_length function reads the first four bytes of the first packet, which specifies the message length and returns this value.
>
> I have noticed that in cases where I would not get all packets for a message before the capture file ends, I will not get a chance to dissect this partial message. Is there a way that the dissect_pdu function be called even though we have not received the expected message length when we reach end of capture file so that we could at least dissect what has been received before end of capture file?
>
> Martin
>