Wireshark mailing list archives
Re: Reassembling tvbuff_t
From: Anders Broman <anders.broman () ericsson com>
Date: Wed, 27 Apr 2011 13:57:08 +0200
Hi, We have a reassembly API in ~/epan/reassemble.c see also the README files in ~/doc Regards Anders -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of fab12 () freesurf fr Sent: den 27 april 2011 13:38 To: wireshark-dev () wireshark org Subject: [Wireshark-dev] Reassembling tvbuff_t Hi I am currently working on a dissector for some proprietary protocol and I need to do some reassembling of buffer. I am looking for information on how to handle tvbuff_t API. I have found this : http://wireshark.sourcearchive.com/documentation/1.0.0/tvbuff_8h_aa919b43fdba78f4be4a76aa274e6cce.html#aa919b43fdba78f4be4a76aa274e6cce which is useful but I'm not sure to understand it. With my protocol I am receiving packet in several fragment. The fragment header tells me if it is a head, tail or mid fragment packet. I am thinking processing as follows but I am not sure if it is the best way or even if it is correct: Upon reception of a fragment: I copy it in a new tvbuff_t and save it in some global list: tvb_memcpy(tvb,data,offset,length) frag_buf=tvb_new_real_data(data,length,reported_length) // what is reported_length by the way? // Is there a better way to make a buffer copy? Add frag_buf to global fragrment list Upon receiption of the last fragment pckt_buf=tvb_new_composite ( void ) For each frag_buf in global fragrment list { tvb_composite_append(pckt_buf,frag_buf) } // Then I call my dissector on the reassembled packet. Is this the general idea? Thx Fabien ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Reassembling tvbuff_t fab12 (Apr 27)
- Re: Reassembling tvbuff_t Anders Broman (Apr 27)
- Re: Reassembling tvbuff_t fab12 (Apr 28)
- Re: Reassembling tvbuff_t Mike Morrin (Apr 28)
- Re: Reassembling tvbuff_t fab12 (Apr 28)
- Re: Reassembling tvbuff_t Jeff Morriss (Apr 28)
- Re: Reassembling tvbuff_t fab12 (Apr 28)
- Re: Reassembling tvbuff_t Anders Broman (Apr 27)