Wireshark mailing list archives
Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session
From: David Aggeler <david_aggeler () hispeed ch>
Date: Mon, 12 Jul 2010 00:26:12 +0200
To what port numbers are you referring? The fragment_add_seq
routines are used to reassemble data from protocols that have no port numbers.
The fragment_add_seq know nothing of IP or TCP, which is as it
should be. Interesting. I was asking on how to properly do reassembly before I started, but did not get much more that references to tcp_dissect_pdus(). But as far as I could tell, one requires to know the final lenght when using tcp_dissect_pdus(). That's why I explored your presentation about 'Writing advanced dissectors'. And as example you mention decryption, which can very well be a payload of TCP. And the debugging showed, that the fragment_add_seq functions are doing, what I had done manually in the DICOM dissector, but better. I liked the hashing concept and the new final buffer, I was only struggeling with the usage API. But in the end, I AM HAPPY with them, even for TCP payload. And I would do it again.
If the issue is reassembling packets from separate TCP connections
separately, one solution is to have separate
fragment and reassembled tables per TCP connection (or per whatever
type of connection is involved). Would be an alternative to the conversation index you suggested. For DICOM the compression of the 32 bit index and the 8 bit presentation context ID into a 32 bit ID, was possible. Of course, there's a chance for a false true, but since I skip the top 8 bit of the index, the probability is low enough for me. And it less effort than dynamically create and manage the two lists. I'll consider it for the next revision. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session, (continued)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session Bill Meier (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session David Aggeler (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session Bill Meier (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session Guy Harris (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session David Aggeler (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session Guy Harris (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session David Aggeler (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session Guy Harris (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session David Aggeler (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session Guy Harris (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session David Aggeler (Jul 11)
- Re: fragment_add_..(), pinfo->src/dst, IP vs. TCP Session Guy Harris (Jul 11)