|Main Archive Page > Month Archives > wireshark-dev archives|
I'm currently developing a dissector for a quite old TCP protocol. Most of
the stuff is straight forward and not a real problem. But right now I'm
facing an issue and need some help.
In my main dissector function I'm calling tcp_dissect_pdus(), but there
are 3 cases or let's say headers which could be within the stream:
 a fixed 4 byte "connection frame" with 2 possible value and no payload
 a 7 byte header with a fixed flag at the end (1 byte) and a length
field for the rest of the message
 a 33 byte header with a fixed flag at the beginning (2 bytes) and a
length field for the rest of the message.
Unfortunately one of the two possible values of the connection frame 
is a valid beginning of the header . So I'm wondering what I should
pass as fixed_len to tcp_dissect_pdus()?! If I set fixed_len to 4 byte
(length of connection frame ), I'm not able to figure out the length of
packages of type  or  and I'm not able to distinguish  and .
If I pass the header width of either  or  and there is a connection
frame in the beginning, it will be discarded by tcp_dissect_pdus() as it
is smaller than the fixed_len parameter.
So how do I handle such a situation? Any suggestion? Is it possible to
call tcp_dissect_pdus() twice? And yes, I know that this is a weird
protocol design but changing it is not an option.
Thank you in advance.
Sent via: Wireshark-dev mailing list <email@example.com>