This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to reassemble packet in text-based protocol

0
1

I have created a dissector for a line-based protocol but have some problems when data are bigger than packet size. When the data is too big, I need to reassemble a number of packets to have a complete data before processing it. Here you can find a part of my dissector. I need your help for if (packet_end != 0x0A){} else {}. I don't know how proceed and what functions to use for reassembling packets.

static void dissect__textbasedprotocol(tvbuff_t *tvb, packet_info *pinfo,
                                       proto_tree *tree)
{
    guint8 packet_end = 0;
    tvbuff_t *working_tvb = NULL;
    gint offset_actu = 0;
    packet_end = tvb_get_guint8(
        tvb, tvb_reported_length_remaining(tvb, offset_actu) - 1);
    if (packet_end != 0x0A) // end of this packet is NOT end of data
    {
    } else {
        working_tvb = tvb; // packet contain an complete data \n and terminated.
    }
    while (tvb_reported_length_remaining(working_tvb, offset_actu) > 0) {
        // Dissector work with complete command \n terminated.
    }
}

asked 06 Apr '11, 09:34

Thibault's gravatar image

Thibault
1121
accept rate: 0%

edited 03 Jul '14, 10:53

Lekensteyn's gravatar image

Lekensteyn
2.2k3724

One Answer:

1

When you have to reassemble payload of a protocol without a length header, you should use the point 2.7.2 Modifying the pinfo struct. of the README.developer.

BTW: this section has a code fragment, that works with strings terminated by a '\0'. Try toreplace '\0' by '\n'.

answered 07 Apr '11, 23:16

harper's gravatar image

harper
312
accept rate: 0%