Wireshark mailing list archives

Re: Question for LUA dissection


From: Peter Wu <peter () lekensteyn nl>
Date: Wed, 7 Feb 2018 19:32:30 +0100

Hey Roland,

[moved quote downwards for context]

On Wed, Feb 07, 2018 at 03:59:52PM +0100, Roland Knall wrote:
> On Wed, Feb 7, 2018 at 3:57 PM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
>
> > On Wed, Feb 7, 2018 at 9:38 AM, Roland Knall <rknall () gmail com> wrote:
> >
> > > Hi
> > >
> > > Just a short question.
> > >
> > > I have a protocol, which transports information via TCP. Now we have a
> > > segmented download via this protocol, which in turn is a TCP segmented
> > > transfer.
> > >
> > > I can desegment_tcp_pdus, and end up with a couple of messages with the
> > > bigger blocks, which I now need to desegment further.
> > >
> > > I am at a loss on how to do that, does anyone have an idea? In C I would
> > > use taps and display the final files somewhere else (not in the packet
> > > stream), but not really have an idea on how to do this in LUA.
> >
> > In C you could also use dissect_tcp_pdus() and get the (reassembled)
> > packet in your dissector and dissect that.
>
> Yeah, the issue is, that the result of dissect_tcp_pdus is segmented, and I
> need to desegment on top of that. In C I would face the same issue, and
> there I would move to taps, as I do not need the info live.

The problem with dissect_tcp_pdus (and desegment_offset/desegment_len)
is that it prevents the dissection from displaying until everything is
available.

In C, the reassembly API (epan/reassemble.h) could potentially be used
for more control over when the dissection is displayed, but the API can
be hard to use. This API is not exposed to Lua. I guess that in Lua the
best you can do now, given the current API limitations, is to store
fragments in a global variable (register a cleanup routine to clear this
variable when a packet capture file closes).
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
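
One way to follow the suggestion in the message above from a Lua dissector, as an added example that is not part of the original message or of Wireshark's own code: blocks are collected per TCP stream in a script-level table, and the table is reset in the protocol's `init` function. The `blkxfer` protocol, its 3-byte header layout, port 9999 and the 16 MiB cap are assumptions made for illustration.

```lua
-- Added example: protocol name, header layout, port and size cap are assumptions.
-- Assumed PDU: uint16 total length | uint8 flags (bit 0 = last block) | data
local p = Proto("blkxfer", "Block Transfer (hypothetical)")
local f_flags = ProtoField.uint8("blkxfer.flags", "Flags", base.HEX)
local f_file = ProtoField.bytes("blkxfer.file", "Reassembled transfer")
p.fields = { f_flags, f_file }

local tcp_stream = Field.new("tcp.stream")
local HDR_LEN, MAX_BYTES = 3, 16 * 1024 * 1024 -- stop collecting past the cap
local pending = {}  -- tcp.stream index -> ByteArray collected so far
local finished = {} -- frame number of the last block -> complete ByteArray

-- Runs before each pass over a capture file: forget the previous file's data.
function p.init()
    pending, finished = {}, {}
end

local function get_len(tvb, pinfo, offset)
    return tvb(offset, 2):uint()
end

local function dissect_pdu(tvb, pinfo, tree)
    local sub = tree:add(p, tvb())
    sub:add(f_flags, tvb(2, 1))
    if not pinfo.visited then -- collect only on the first, sequential pass
        local stream = tcp_stream().value
        local buf = pending[stream] or ByteArray.new()
        local room = buf:len() + tvb:len() - HDR_LEN <= MAX_BYTES
        if tvb:len() > HDR_LEN and room then
            buf:append(tvb(HDR_LEN):bytes())
        end
        pending[stream] = buf
        if tvb(2, 1):uint() % 2 == 1 then -- last block: freeze the result
            finished[pinfo.number], pending[stream] = buf, nil
        end
    end
    local done = finished[pinfo.number]
    if done and done:len() > 0 then -- show the whole transfer on its last frame
        sub:add(f_file, ByteArray.tvb(done, "Reassembled transfer")())
    end
    return tvb:len()
end

function p.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "BLKXFER"
    dissect_tcp_pdus(tvb, tree, HDR_LEN, get_len, dissect_pdu)
    return tvb:len()
end
DissectorTable.get("tcp.port"):add(9999, p)
```

The size cap matters when the capture comes from an untrusted source: without it, a stream that never sets the last-block flag makes the table grow until the file is closed.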