Ask Your Question
0

What happened to reassemble_tcp?

asked 2018-05-25 17:02:26 +0000

Matt Davis gravatar image

I pulled the Wireshark code several years ago (v1.8.6) to use its TCP reassembly logic to build a custom TCP reassembler for a project I work on. I'm needing that same logic today, and I'd like to use the latest version of the code (v2.6.1) as a go-by, but I cannot find the reassemble_tcp function in follow.c.

Can anyone point me to where/how the TCP reassembly is accomplished in the Wireshark code base today?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2018-05-25 19:58:31 +0000

Guy Harris gravatar image

There's "TCP reassembly" in the sense of the mechanism used when dissecting packets and there's "TCP reassembly" in the sense of the mechanism used by "Follow TCP Stream".

You're referring to the latter of those.

This is done differently in current versions of Wireshark. "Follow TCP Stream" has been generalized to "Follow XXX Stream"; the various "XXX" dissectors register their own code to do stream-following, using the register_follow_stream() routine. For example, for XXX = TCP, that's done in a call at the end of proto_register_tcp() in epan/dissectors/packet-tcp.c.

edit flag offensive delete link more

Comments

Guy, thank you. I was hoping you'd chime in on this. That definitely helps.

Matt Davis gravatar imageMatt Davis ( 2018-05-29 14:28:31 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-05-25 17:02:26 +0000

Seen: 44 times

Last updated: May 25