Guy, You got it rigth. Thanks for the input, I will use the function in Ethereal to reassemble the payload size and I will add the check of the protocol in the "get_vn_pdu_len()" function.
But still, with the packet I have sent to you, the content of the function get_vn_pdu_len() was OK; It is returning the rigth value. Any ideas on what I do wrong when trying to reassemble the packet? Gilles -----Original Message----- From: Guy Harris [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2003 7:23 PM To: Gilles Galipeau Cc: '[EMAIL PROTECTED]' Subject: Re: [Ethereal-dev] Reassembling a Splited TCP packet On Mon, Nov 24, 2003 at 06:59:17PM -0500, Gilles Galipeau wrote: > I am currently implementing a dissector that decode the data in a TCP V4 > message and I need some help on how to reassemble a packet splited over > multiple TCP packet. > > I have tried to do it using the tcp_dissect_pdus function provided in tcp.h, > but I could not get it to work. > Here is the code before: > > <<packet-vn_Back_2003-11-13.c>> > And here is the decoding added in order to reassemble a packet splited over > multiple TCP packet: > <<packet-vn_Back_2003-11-24_Splitted_Packet_Recover.c>> I have no idea what all the "MAKE" macros, such as SYS_MAKEDWORD, do, so I can't say whether your code is correct or incorrect. However: > Here is how the Versatel Networks packet are composed: > 0 32 > |-------------------------------| > |Versatel Header|Protoco|Signal | > |-------------------------------| > |Payload Size |SN (1) | > |-------------------------------| I infer from that diagram, and from the code, that the "Payload Size" field starts at an offset of 4 bytes from the beginning of the packet, and is 3 bytes long... ...except for the stuff that does The payload size is encoded differently if the protocol used is DUPLICATION_PROTOCOL which seems to imply that if the presumably-one-byte-long Protocol field, and what appears to be an offset of 2 bytes from the beginning of the packet, has the value DUPLICATION_PROTOCOL *OR* CRITICAL_PROTOCOL, it's a 3-byte field, whereas for any other value it's a *two*-byte field starting at an offset of *5* bytes from the beginning of the packet. Are those values big-endian or little-endian? If they're big-endian, you should fetch the payload size with "tvb_get_ntohs()" if it's 2 bytes long and with "tvb_get_ntoh24()" if it's 3 bytes long; if they're little-endian, you use "tvb_get_letohs()" if it's 2 bytes long and "tvb_get_letoh24()" if it's 3 bytes long. (You *don't* use "tvb_get_guint8()" to fetch the individual bytes and then reassemble them yourself - why do that when you can have a routine do it for you?) In that case, you would do that in the packet dissector *AND* in "get_vn_pdu_len()" - if the length of the payload size field differs depending on the Protocol field's value, you have to check that value in "get_vn_pdu_len()".
