
List:       wireshark-dev
Subject:    [Wireshark-dev] Two-level PDU reassembly
From:       Jérôme_Hamm <jerome.hamm () planete-sciences ! org>
Date:       2022-02-04 8:15:55
Message-ID: af518f8d42ffee92f76ba171042439aa () planete-sciences ! org

Hi,

I am working on SSH dissection. I am now trying to reassemble packets.
Actually there are two levels of fragmentation when you use SFTP.
The first level is multiple TCP packets which contain data that must be 
decrypted (when you have the right crypto byte count, for example 
32kiB).
And then the decrypted data contains the SFTP data (for example 32kiB 
worth of read file, which does not fit in the previously mentioned 32kiB 
because there are headers for SFTP framing, leading to for example [not 
the real value] 32778 bytes), which needs to be reassembled separately 
from the encrypted data.

How can I achieve this?

If I am not mistaken, the packet_info structure is not recreated in my 
subdissector, so when I change the pinfo->desegment_offset I am actually 
overwriting the value I previously set for tcp reassembly, and all hell 
breaks loose.

Cheers.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe
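
The two-level framing described in the message, as an added example that is not part of the original post and is not Wireshark dissector code: each level keeps its own reassembly buffer, so advancing one never disturbs the other, and every length field is bounds-checked because it comes from untrusted traffic. The 4-byte big-endian length prefix at both levels, the identity "decryption", the 4096-byte buffers and all names (`reasm_t`, `session_t`, `feed_segment`, `demo`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* One buffer per framing level, so neither level overwrites the other's state. */
typedef struct { uint8_t buf[4096]; size_t len; } reasm_t;
typedef struct { reasm_t outer, inner; size_t last_len; } session_t;

static int reasm_push(reasm_t *r, const uint8_t *d, size_t n) {
    if (n > sizeof r->buf - r->len) return -1;   /* would overflow */
    memcpy(r->buf + r->len, d, n);
    r->len += n;
    return 0;
}
/* Pop one [be32 len][body] unit: body length, -1 need more data, -2 length too big. */
static long reasm_pop(reasm_t *r, uint8_t *out) {
    if (r->len < 4) return -1;
    uint32_t n = (uint32_t)r->buf[0] << 24 | (uint32_t)r->buf[1] << 16 |
                 (uint32_t)r->buf[2] << 8 | r->buf[3];
    if (n > sizeof r->buf - 4) return -2;
    if (r->len - 4 < n) return -1;
    memcpy(out, r->buf + 4, n);
    memmove(r->buf, r->buf + 4 + n, r->len - 4 - n);
    r->len -= 4 + n;
    return (long)n;
}
/* Feed one TCP segment; returns completed inner messages, or -1 on error. */
static int feed_segment(session_t *s, const uint8_t *seg, size_t n) {
    uint8_t rec[4096], msg[4096];
    long rl, ml;
    int done = 0;
    if (reasm_push(&s->outer, seg, n) < 0) return -1;
    while ((rl = reasm_pop(&s->outer, rec)) >= 0) {
        /* Decryption of rec would go here; modelled as identity (assumption). */
        if (reasm_push(&s->inner, rec, (size_t)rl) < 0) return -1;
        while ((ml = reasm_pop(&s->inner, msg)) >= 0) {
            s->last_len = (size_t)ml;
            done++;
        }
        if (ml == -2) return -1;
    }
    return rl == -2 ? -1 : done;
}
/* Constructed input: one 10-byte message split over two records, three segments. */
static int demo(void) {
    static const uint8_t w[22] = {0,0,0,6, 0,0,0,10,'a','b',
                                  0,0,0,8, 'c','d','e','f','g','h','i','j'};
    session_t s = {0};
    int a = feed_segment(&s, w, 7), b = feed_segment(&s, w + 7, 9);
    return a + b + feed_segment(&s, w + 16, 6);   /* 1 */
}
```

The inner message completes only on the third segment, after the second outer record has been popped and appended to the inner buffer.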
