Re: N in 1 packets

[Guy Harris <guy () alum mit edu>]

On Dec 9, 2011, at 3:11 PM, Akos Vandra wrote:

> For my thesis project I am trying to get a new type of data source,
> ARM TPIU trace messages to work with wireshark.
>
> I am starting of getting the hang of how libpcap works, however a
> strange problem arose, that I don't know how would be best handled.
>
> "On the wire", there are fix, 16-byte frames. However these frames
> don't contain any useful data, they only act as a container for
> smaller data packets, which are packed, and sent together.

        ...

> Also, sometimes these
> "sub-packets" are not within a single 16-byte frame, sometimes they
> are split, if the remaining space in the 16-byte frame is too small
> for the packet to fit.

So if those 16-byte frames have no internal structure (for example, you don't have a time stamp in each frame), but are 
just like, for example, the line boundaries in a hex dump, my inclination would be to have the pcap module break the 
byte stream into packets, even if that means that it needs to buffer a partial packet in a case where a 16-byte frame 
contains the beginning of a packet but not the end of the packet.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe