Re: Suppress [TCP segment of a reassembled PDU] in COL_INFO

[Guy Harris <guy () alum mit edu>]

On Feb 10, 2019, at 11:44 AM, <david_aggeler () hispeed ch> <david_aggeler () hispeed ch> wrote:

> I’m cleaning up the re-assembly in the DICOM decoder (I haven’t touched it for years, so it was overdue)
> DICOM data elements are usually pretty big, and I need more than TCP level re-assembly. 
>  
> To have COL_INFO focus on what is relevant for DICOM, I’d like to suppress the postfix of “[TCP segment of a 
> reassembled PDU]”.

From the screenshot, I suspect the problem is that the frame in question contains data from more than one DICOM PDU, so 
that it contains the last octets of one DICOM PDU and the beginning octets of another PDU, and that, at the TCP 
reassembly layer, more data is needed for the second PDU.

So, technically, that frame is a TCP segment of a (to be-)reassembled PDU.

However, given that it's the finishing segment of a PDU, at a layer above TCP, and thus would have information about 
*that* PDU, the fact that it also happens to be the first TCP segment of the PDU following that PDU is not of interest.

Note that, except in the first paragraph, I didn't use the name "DICOM" - i.e., this isn't a problem with DICOM, it's a 
problem with the TCP dissector; that's where the "[TCP segment of a reassembled PDU]” is generated, and that's where it 
needs to be suppressed.

Please file a bug on that (and don't speak of it as a DICOM-specific problem, as the same problem could occur with any 
other protocol that runs over TCP).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe