Re: Handling TCP packets reordering

[Jeff Morriss <jeff.morriss.ws () gmail com>]

Max Dmitrichenko wrote:
> 2011/5/5 Jeff Morriss <jeff.morriss.ws () gmail com>:
>
> > I would think desegment_tcp() should be able to handle this by not calling
> > your dissector for an out-of-order segment: it should be able to only call
> > your dissector once it has a completely reassembled (desegmented) PDU.
>
> Did you mean using of tcp_dissect_pdus(....)? As for now I use
> pinfo->desegement_len
> and pinfo->desegment_offset stuff. But if it is that simple, I surely redo using
> this function.

Actually I meant the pinfo->desegment_len stuff (I'm not really familiar 
with dissect_pdus()).

I did stumble across a (apparently unrelated) problem in that it will 
fail if you see a gap while the subdissector is returning 
DESEGMENT_ONE_MORE_SEGMENT (as HTTP does until it gets all the headers): 
in that case TCP has to assume that the current message is not part of 
the existing multisegment_pdu--which unfortunately breaks things.  Not 
sure what can be done about that...
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe