IDEA STAGE - 04/2013

Add an option to Wireshark (libwireshark / epan) that gives dissectors the
ability to dechunk frames by creating multiple fake frames, each containing
part of the data from one frame.

The goal is to dechunk SCTP and TCAP on the fly.

===============================================================================
Options presented to Wireshark / tshark

* dechunk SCTP (default True)
* dechunk TCAP (default True)
* save PCAP as dechunked (default False)

===============================================================================
Code: Insert fake dechunked frames instead of chunked frame

file.c:
  add_packet_to_packet_list(frame_data *fdata, capture_file *cf,
                            dfilter_t *dfcode, gboolean create_proto_tree,
                            column_info *cinfo, struct wtap_pkthdr *phdr,
                            const guchar *buf, gboolean add_to_packet_list)

  after epan_dissect_run_with_taps(&edt, phdr, buf, fdata, cinfo);
    if edt.fake_frames:
      for each edt.fake_frame:
        packet_list_append(cinfo, fdata, &edt.pi);

Data passed in frame_data (epan/frame_data.h)
New methods for frame list manipulation in frame_data_sequence.c

Actual Callgraph

read_packet
  frame_data_sequence_add
  add_packet_to_packet_list  # target function
    epan_dissect_run_with_taps
    dfilter_apply_edt
    packet_list_append
rescan_packets
  add_packet_to_packet_list  # target function

===============================================================================
Code: Create fake dechunked frames from chunked frame

epan/dissectors/packet-sctp.c
  dissect_sctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
  pinfo->fd (frame_data)
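
Added example (not part of the original note and not Wireshark code): a
stand-alone sketch of the split the SCTP dechunking step would perform, walking
the chunks of one packet and recording one entry per chunk as a candidate fake
frame. The names sctp_split_chunks, chunk_ref and sample_pkt are hypothetical,
and the packet bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCTP_COMMON_HDR_LEN 12 /* ports, verification tag, checksum */
#define SCTP_CHUNK_HDR_LEN 4   /* type, flags, 16-bit length */

/* Hypothetical stand-in for one "fake frame": a view onto one chunk. */
struct chunk_ref { uint8_t type, flags; size_t offset; uint16_t length; };

/* Constructed sample: common header, DATA chunk (17 bytes + 3 pad), SACK chunk. */
static const uint8_t sample_pkt[48] = {
    0x0b,0x59, 0x0b,0x59, 0,0,0,1, 0,0,0,0,             /* common header */
    0x00,0x03, 0x00,0x11, 0,0,0,1, 0,0, 0,0, 0,0,0,0,   /* DATA, length 17 */
    0x41, 0,0,0,                                        /* 1 payload byte + pad */
    0x03,0x00, 0x00,0x10, 0,0,0,1, 0,0,0x10,0, 0,0, 0,0 /* SACK, length 16 */
};

/* Returns the number of chunks stored in out[], or -1 if the packet is
 * malformed or holds more than max_out chunks. */
int sctp_split_chunks(const uint8_t *pkt, size_t len,
                      struct chunk_ref *out, size_t max_out)
{
    size_t off = SCTP_COMMON_HDR_LEN, n = 0;
    if (len < SCTP_COMMON_HDR_LEN)
        return -1;
    while (off < len) {
        if (len - off < SCTP_CHUNK_HDR_LEN || n == max_out)
            return -1;
        size_t clen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        /* Length < 4 would never advance; length past the end would read
         * outside the capture buffer. Reject both. */
        if (clen < SCTP_CHUNK_HDR_LEN || clen > len - off)
            return -1;
        out[n++] = (struct chunk_ref){ pkt[off], pkt[off + 1], off, (uint16_t)clen };
        /* Chunks are padded to 4 bytes; tolerate a missing pad at the end. */
        size_t padded = (clen + 3) & ~(size_t)3;
        off += padded > len - off ? len - off : padded;
    }
    return (int)n;
}

int main(void)
{
    struct chunk_ref c[8];
    int n = sctp_split_chunks(sample_pkt, sizeof sample_pkt, c, 8);
    for (int i = 0; i < n; i++)
        printf("fake frame %d: type=%u offset=%zu length=%u\n",
               i + 1, (unsigned)c[i].type, c[i].offset, (unsigned)c[i].length);
    return n < 0;
}
```

The length checks matter because the dissector runs on untrusted capture data:
a chunk length of 0 or one larger than the remaining bytes must stop the walk
instead of looping or reading past the buffer.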