
What happened to reassemble_tcp?

I pulled the Wireshark code several years ago (v1.8.6) to use its TCP reassembly logic to build a custom TCP reassembler for a project I work on. I'm needing that same logic today, and I'd like to use the latest version of the code (v2.6.1) as a go-by, but I cannot find the reassemble_tcp function in follow.c.

Can anyone point me to where/how the TCP reassembly is accomplished in the Wireshark code base today?

Matt Davis
asked 2018-05-25 17:02:26 +0000

1 Answer

There's "TCP reassembly" in the sense of the mechanism used when dissecting packets and there's "TCP reassembly" in the sense of the mechanism used by "Follow TCP Stream".

You're referring to the latter of those.

This is done differently in current versions of Wireshark. "Follow TCP Stream" has been generalized to "Follow XXX Stream"; the various "XXX" dissectors register their own code to do stream-following, using the register_follow_stream() routine. For example, for XXX = TCP, that's done in a call at the end of proto_register_tcp() in epan/dissectors/packet-tcp.c.

Guy Harris
answered 2018-05-25 19:58:31 +0000

Comments

Guy, thank you. I was hoping you'd chime in on this. That definitely helps.

Matt Davis (2018-05-29 14:28:31 +0000)
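
A minimal one-direction reassembler of the kind the question describes building, as an added example: it is not Wireshark's code and not from either poster, and every name (struct stream, stream_init, stream_add) and buffer limit in it is an assumption chosen for illustration. It delivers payload in sequence order, parks segments that arrive early, trims overlap with bytes already delivered, and compares sequence numbers so that the 2^32 wrap is handled.

```c
#include <stdint.h>
#include <string.h>

/* Illustrative limits: parked segments, largest payload, reassembled bytes kept. */
enum { MAX_PENDING = 8, MAX_SEG = 64, OUT_CAP = 256 };
struct segment { uint32_t seq; uint16_t len; int used; uint8_t data[MAX_SEG]; };
struct stream {                        /* one direction of one connection */
    uint32_t next_seq;                 /* sequence number of the next in-order byte */
    struct segment pending[MAX_PENDING];
    uint8_t out[OUT_CAP]; size_t out_len;
};
/* isn is the SYN's sequence number; payload starts at isn + 1. */
void stream_init(struct stream *s, uint32_t isn) {
    memset(s, 0, sizeof *s);
    s->next_seq = isn + 1;
}
/* Returns 0 if the segment lies beyond a gap, 1 if it was consumed. */
static int deliver(struct stream *s, uint32_t seq, const uint8_t *d, uint16_t len) {
    int32_t off = (int32_t)(s->next_seq - seq);    /* wrap-safe distance */
    if (off < 0) return 0;                         /* future data */
    if ((uint32_t)off >= len) return 1;            /* pure retransmission */
    size_t n = len - (size_t)off, room = OUT_CAP - s->out_len, keep = n < room ? n : room;
    memcpy(s->out + s->out_len, d + off, keep);    /* delivered bytes are never rewritten */
    s->out_len += keep;                            /* excess is dropped, never overrun */
    s->next_seq += (uint32_t)n;
    return 1;
}

/* Feed one segment; returns -1 if it is too large or no slot is free. */
int stream_add(struct stream *s, uint32_t seq, const uint8_t *d, uint16_t len) {
    if (len > MAX_SEG) return -1;
    if (!deliver(s, seq, d, len)) {                /* park a copy until the gap fills */
        for (int i = 0; i < MAX_PENDING; i++) {
            struct segment *p = &s->pending[i];
            if (p->used) continue;
            p->seq = seq; p->len = len; p->used = 1;
            memcpy(p->data, d, len);
            return 0;
        }
        return -1;
    }
    for (int again = 1; again; ) {                 /* drain what is now contiguous */
        again = 0;
        for (int i = 0; i < MAX_PENDING; i++) {
            struct segment *p = &s->pending[i];
            if (p->used && deliver(s, p->seq, p->data, p->len)) { p->used = 0; again = 1; }
        }
    }
    return 0;
}
```

Keep one struct stream per direction of each connection; how overlapping retransmissions are resolved is a policy choice, and this sketch keeps the bytes that were delivered first.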