PDU reassambly on data read from a custom log file in lua
Hello,
I have issues using dissect_tcp_pdus in Protocol dissectors called via DLT_USER table from data from a custom log file (details below). The same protocols and dissect_tcp_pdus works fine when I am using either life sniffing of TCP traffic or load a PCAPNG file of TCP traffic, with the protocols register for the used tcp.port. Could someone provide some hints how to use dissect_tcp_pdus for protocols used through DLT_USER table?
Detailed description:
I am reading a custom log file in lua with a custom FileHandler written in Lua. The reading works, and it maps the data from the log file to two protocols: cmd_proto and rsp_proto. The mapping is done through the DLT_USER tables. I.e. the FileHandler sets frame_info.encap to a DLT_USER value depending on data from the log file, and in the DLT_USER table I registered the correct protocol.
When I load a log file I can see all captured frames displayed correctly mapped to the two protocols. However I am not able to use the dissect_tcp_pdus function inside these protocols to perform dessegmation and reassmably. Please note that the dessegmentation and reassamblywith dissect_tcp_pdus works fine when I use the same protocols on actual TCP data.
What I have figured so far is, that if the protocol is called through DLT_USER entry, then pinfo.can_desegment is set to 0. If I overwrite this and set pinfo.can_desegment to 1 (or 2) then dissect_tcp_pdus starts to work partialy, and the frames are desegmented correctly. However reassambly of PDUs across two recorded packets still does not work. The dissection correctly recognizes the partial PDU at the end of the first packet, however it does not take that partial data into account when parsing the second packet.
What do I need to do to get this to work. Or does anybody have an idea in which direction to search for a solution?
Best regards,
Oliver