Wireshark mailing list archives

TCP reassembly and Return value of a new-style dissector


From: Anders Broman <a.broman () bredband net>
Date: Tue, 09 Dec 2014 21:01:37 +0100

Hi,
I have recently come across some problems with reassembly of SIP messages over TCP. One problem seems to be related to when a segment contains one full PDU and a segment of the next following PDU; in this case the first SIP line of the following PDU is not complete.

I think the ultimate solution would be for the TCP dissector to call the SIP dissector again with the next incomplete PDU after receiving the number of bytes "accepted" by the SIP dissector, e.g. using the "new-style" dissector interface.
Also see http://seclists.org/wireshark/2014/Jun/289

As I read the code the first step would be to have
call_dissector()                                                [OK]
try_conversation_dissector()
dissector_try_heuristic()
dissector_try_uint_new                                 [OK]

Return the number of bytes consumed, 0 or -1 (need more data); not sure about DESEGMENT_UNTIL_FIN (-2?).

If people agree the biggest change is to change dissector_try_heuristic() to return an int.
What do you think?

Regards
Anders
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
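
The return-value convention proposed in the message, modelled outside Wireshark as an added example (not part of the original post and not Wireshark code): `toy_sip_dissect`, `tcp_deliver` and `NEED_MORE_DATA` are hypothetical names, and the sample segment is constructed. It covers the case from the message, where one segment carries a full PDU followed by an incomplete first line of the next PDU.

```c
#include <stdio.h>
#include <string.h>
#define NEED_MORE_DATA (-1) /* value assumed from the message above */

/* Bounded substring search; captured bytes are not NUL-terminated. */
static const char *find(const char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return buf + i;
    return NULL;
}

/* Hypothetical toy sub-dissector: >0 = bytes consumed by one complete PDU,
 * 0 = not SIP, NEED_MORE_DATA = PDU (even just its first line) incomplete. */
static int toy_sip_dissect(const char *buf, size_t len)
{
    const char *eol = find(buf, len, "\r\n");
    if (!eol) return NEED_MORE_DATA;
    if (!find(buf, (size_t)(eol - buf), "SIP/2.0")) return 0;
    const char *eoh = find(buf, len, "\r\n\r\n");
    if (!eoh) return NEED_MORE_DATA;
    size_t hdr = (size_t)(eoh - buf) + 4, body = 0;
    const char *cl = find(buf, hdr, "Content-Length:");
    if (cl) /* digits parsed by hand, bounded by the header block and len */
        for (cl += 15; cl < eoh && body <= len &&
                       (*cl == ' ' || (*cl >= '0' && *cl <= '9')); cl++)
            if (*cl != ' ') body = body * 10 + (size_t)(*cl - '0');
    return body > len - hdr ? NEED_MORE_DATA : (int)(hdr + body);
}

/* TCP-side loop: re-call the sub-dissector at the offset it reported.
 * Returns complete PDUs; *off = unconsumed tail, *last = final return value. */
static int tcp_deliver(const char *seg, size_t len, size_t *off, int *last)
{
    int pdus = 0;
    for (*off = 0, *last = 0; *off < len; *off += (size_t)*last, pdus++)
        if ((*last = toy_sip_dissect(seg + *off, len - *off)) <= 0) break;
    return pdus;
}

int main(void)
{
    /* Constructed sample: one full PDU, then a cut-off request line. */
    const char seg[] = "OPTIONS sip:a@example.test SIP/2.0\r\n"
                       "Content-Length: 4\r\n\r\nbodyINVITE sip:b@exam";
    size_t off;
    int last, pdus = tcp_deliver(seg, sizeof seg - 1, &off, &last);
    printf("pdus=%d tail_offset=%zu last=%d\n", pdus, off, last);
}
```

The tail starting at `*off` is what the TCP layer would hold back and prepend to the next segment before calling the sub-dissector again.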