Wireshark mailing list archives

Re: Decompress problem if data is over multiple frame
From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Thu, 15 Aug 2013 17:05:54 +0200

Hi,

On Thu, Aug 15, 2013 at 03:57:07PM +0200, Hardik Patel wrote:
> I am creating a dissector plugin. The trace which I have captured is compressed by
> zlib.
>
> I have two options:
> 1) write my own decompress function using zlib
> 2) use the tvb_uncompress() function of Wireshark
>
> Both have an issue if the compressed packet is over multiple frames.
>
> Wireshark's tvb_uncompress() function works only from the frame which has the zlib
> header, which is the obvious case.

Nope, AFAIK gzip header is also supported :)

> Is there any particular method to save all these bytes in buffers till I
> get the complete data so I can start the decompressor?

Reassembly API (fragment_add, fragment_add_seq) or composite tvb use with conversations, or
if your protocol is running atop TCP you can use DESEGMENT_ONE_MORE_SEGMENT :)

Just keywords, but hope that helps.

Cheeeeers,
Kuba.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
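
Added example, not part of the original message and not Wireshark code: the buffering idea from the reply, modelled in Python with the standard zlib module. Fragments are held per conversation, fed to one streaming decompressor in sequence order, and the output size is capped. The class name, conversation key, zero-based sequence numbers and the 1 MiB cap are assumptions made for illustration.

```python
import zlib

MAX_OUTPUT = 1 << 20  # assumed cap on decompressed bytes per stream


class ZlibReassembler:
    """Feeds per-conversation fragments to zlib in order until the stream ends."""

    def __init__(self, max_output=MAX_OUTPUT):
        self.max_output = max_output
        self.streams = {}  # conversation key -> per-stream state

    def add_fragment(self, conv, seq, payload):
        """Return the decompressed bytes once the stream is complete, else None."""
        st = self.streams.setdefault(conv, {
            "z": zlib.decompressobj(),  # consumes the zlib header in fragment 0
            "next": 0, "pending": {}, "out": bytearray()})
        st["pending"][seq] = payload          # hold out-of-order fragments
        while st["next"] in st["pending"]:    # drain everything now contiguous
            chunk = st["pending"].pop(st["next"])
            st["next"] += 1
            room = self.max_output - len(st["out"])
            # Ask for one byte more than allowed so an overrun is detectable.
            st["out"] += st["z"].decompress(chunk, room + 1)
            if len(st["out"]) > self.max_output:
                del self.streams[conv]
                raise ValueError("decompressed size exceeds cap")
            if st["z"].eof:                   # end of the zlib stream reached
                del self.streams[conv]
                return bytes(st["out"])
        return None


def demo():
    # Constructed sample: one zlib stream split over three "frames".
    plain = b"GET /index.html HTTP/1.1\r\n" * 40
    blob = zlib.compress(plain)
    n = len(blob) // 3
    frames = [blob[:n], blob[n:2 * n], blob[2 * n:]]
    r = ZlibReassembler()
    # Frames arrive as 0, 2, 1; only the last call completes the stream.
    results = [r.add_fragment("conv-1", seq, frames[seq]) for seq in (0, 2, 1)]
    return plain, frames, results


if __name__ == "__main__":
    plain, frames, results = demo()
    print([None if x is None else len(x) for x in results])
```

In a dissector the same per-stream state would hang off the conversation, and the cap keeps a crafted capture from expanding into an unbounded buffer.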