Re: Sequence aware dissector of TCP payload

[Peter Wu <peter () lekensteyn nl>]

On Sat, Jun 04, 2016 at 12:44:31AM +0300, Max Dmitrichenko wrote:
> Hi everybody!
>
> Sometime ago I wrote a dissector of TCP-based protocol, and I faced with
> the problem of TCP out-of-order frames. E.g.:
> 1) Duplicated packet
> 2) Out-of-order packet later followed by TCP retransmission
> 3) Simple reordering
> and so on.
>
> Most protocols seems to be tolerant to this. But if you protocol is
> encrypted or compressed, such event poisons the state of decoder or
> decompressor and most of times it is unrecoverable.
>
> Does wireshark have anything to handle this? If not is there any demand for
> such functionality from dissectors' authors?

The reassembly API can be used if a protocol cares about the ordering,
see epan/reassemble.h. Being able to accept out-of-order packets is
currently a bug/wishlist item
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9461).

Possible concerns that arise is increased memory usage and failure to
dissect any data if (say) the parts of the data is missing.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe