Wireshark mailing list archives
Re: Sequence aware dissector of TCP payload
From: Peter Wu <peter () lekensteyn nl>
Date: Tue, 14 Jun 2016 13:08:14 -0700
On Sat, Jun 04, 2016 at 12:44:31AM +0300, Max Dmitrichenko wrote:
> Hi everybody!
>
> Some time ago I wrote a dissector of a TCP-based protocol, and I was faced with the problem of TCP out-of-order frames. E.g.:
>
> 1) Duplicated packet
> 2) Out-of-order packet later followed by TCP retransmission
> 3) Simple reordering and so on.
>
> Most protocols seem to be tolerant to this. But if your protocol is encrypted or compressed, such an event poisons the state of the decoder or decompressor and most of the time it is unrecoverable.
>
> Does Wireshark have anything to handle this? If not, is there any demand for such functionality from dissectors' authors?

The reassembly API can be used if a protocol cares about the ordering, see epan/reassemble.h. Being able to accept out-of-order packets is currently a bug/wishlist item (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9461). Possible concerns that arise are increased memory usage and failure to dissect any data if (say) parts of the data are missing.

--
Kind regards,
Peter Wu
https://lekensteyn.nl
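
The thread above, illustrated with an added example (not part of either message and not Wireshark code; it does not use epan/reassemble.h): a bounded, sequence-aware reorder buffer that hands TCP payload bytes to a stateful decoder strictly in order, discarding duplicates and the already-seen part of a retransmission. The names `struct reorder`, `feed` and `run_sample`, the two caps and the sample segments are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>
#define MAX_PENDING 8   /* cap on held segments: bounds memory use */
#define MAX_SEG     32  /* cap on bytes per held segment */
struct seg { uint32_t seq; uint16_t len; uint8_t data[MAX_SEG]; };
struct reorder {
    uint32_t next_seq;                 /* next sequence number the decoder expects */
    struct seg pending[MAX_PENDING]; int npending; /* segments ahead of a gap */
    uint8_t out[128]; size_t outlen;   /* stands in for the stateful decoder's input */
};

/* Feed one TCP segment. Returns bytes newly handed to the decoder,
 * 0 if the segment was held or was a duplicate, -1 if a cap was hit. */
static int feed(struct reorder *r, uint32_t seq, const uint8_t *d, uint16_t len)
{
    int32_t off = (int32_t)(r->next_seq - seq);   /* wrap-safe comparison */
    if (off < 0) {                                /* gap before it: hold */
        if (len > MAX_SEG || r->npending == MAX_PENDING) return -1;
        struct seg *s = &r->pending[r->npending++];
        s->seq = seq; s->len = len; memcpy(s->data, d, len);
        return 0;
    }
    if (off >= (int32_t)len) return 0;            /* duplicate or retransmission */
    int n = len - off;                            /* only the unseen tail is new */
    if (r->outlen + (size_t)n > sizeof r->out) return -1;
    memcpy(r->out + r->outlen, d + off, (size_t)n);
    r->outlen += (size_t)n; r->next_seq += (uint32_t)n;
    for (int i = 0; i < r->npending; i++) {       /* drain segments now contiguous */
        if ((int32_t)(r->pending[i].seq - r->next_seq) > 0) continue;
        struct seg s = r->pending[i];
        r->pending[i] = r->pending[--r->npending];
        int m = feed(r, s.seq, s.data, s.len);
        if (m < 0) return -1;
        n += m; i = -1;                           /* rescan from the start */
    }
    return n;
}

/* Constructed capture: reordering, a duplicate, and an overlapping retransmission. */
static size_t run_sample(struct reorder *r)
{
    memset(r, 0, sizeof *r); r->next_seq = 1000;
    feed(r, 1006, (const uint8_t *)"WORLD!", 6);  /* arrives early: held */
    feed(r, 1000, (const uint8_t *)"HELLO ", 6);  /* fills the gap, drains the held one */
    feed(r, 1000, (const uint8_t *)"HELLO ", 6);  /* duplicate: ignored */
    feed(r, 1009, (const uint8_t *)"LD!++", 5);   /* overlap: only "++" is new */
    return r->outlen;
}
int main(void) { struct reorder r; return run_sample(&r) == 14 ? 0 : 1; }
```

If a gap is never filled, the held segments are never delivered and `feed` starts returning -1 once `MAX_PENDING` is reached, which is the memory-versus-missing-data trade-off raised in the reply.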