Is it possible to call the own dissector again? The protocol that i want to dissect, starts sometimes again in the same packet. Is there a good way to call the dissector again or are there other ways? asked 15 Jan '13, 07:39  sphinxs |
One Answer:
If you mean that, in whatever lower-level protocol your protocol runs atop, a single lower-level protocol packet can contain more than one packet for your protocol, the way you should, in general, do that is to have your dissector loop through the contents of the lower-level protocol packet's payload (that's what's in the tvbuff it's handed) and keep dissecting packets until it runs out. Note that if the lower-level protocol is TCP, that task is more complicated, as you can have multiple higher-level protocol packets within one TCP packet (TCP segment), you can have multiple TCP packets contain one higher-level protocol packet, and you can have both. If your protocol runs atop TCP, and each packet in your protocol is at least N bytes long for some value of N > 0, and if the first N bytes contain enough information to determine how long the packet is, you can have your protocol's dissector call answered 16 Jan '13, 20:24  Guy Harris ♦♦ |
Thank's for the fast reply. Unfortunately the protocol has no length field, is starts and ends with an specific sequence with N messages in between. Should i use a function like the one from 2.7.2 in the developers.readme, to reassembly the TCP segments? Or should is use the functions from reassemble.h ?