Hi, I'm willing to build a dissector able to reassemble PDUs spanned accross multiple UDP packets. My protocol have sequence/fragment IDs/total length, so there's everything needed to reassemble properly. If i'm not mistaken there's no automated assembly mechanism like for TCP within the API ( pinfo.desegment_len etc). So I take it I would have to implement a manual re-assembly. But how can I pass data between 2 frames / dissector calls ? Tvb can only be declared/used in a dissector so can't store my fragment in a tvb variable. I tried to store it in a ByteArray and then use bytearray<->tvb conversions methods with no luck, wireshark crashes, probably because of ByteArray's maximum sizes (overflow) Also, whilst a manual re-assembly might work on a first pass, how about random access when clicking ? Any suggestions ? Thanks asked 13 Dec '13, 05:39  lepolac |
One Answer:
Basically you will need to implement the same re-assembly routines in your protocol dissector as are implemented in the IP and the TCP dissector. Have a look at the support functions for reassmbly that can be found in "epan/reassemble.h" and how they are used in the IP and TCP dissector. answered 13 Dec '13, 06:39  SYN-bit ♦♦ |
Oops, just realized you are using Lua instead of C. Not sure how many support routines there are in Lua regarding reassembly...