On Thu, 2006-09-07 at 03:22 -0700, Guy Harris wrote: > John R. wrote: > > I have an issue with desegmentation of packets: if the minimal header > > required to judge length is broken across TCP segments A and B, at > > segment A it decides properly to return expecting the remainder of the > > minimal header. In my problem case, the next tcp segment to arrive has > > the remainder of this packet and several others. It calls my pdu > > measurement routine which through printf's I've determined is properly > > returning the length of the full PDU. > > That length includes the minimal header, right? I.e., a 30-byte PDU > would have a 5-byte minimal header plus 25 bytes of payload after the > minimal header; in that case, your routine should be returning 30, not > 25, even if the length is determined by a value in the minimal header, > and that value is the length of data *after* the minimal header (i.e., > 25, in the example I gave). >
Right. There is a 5 byte header, and the value returned is the total PDU length including the header. > > Once segment B appears should tcp_dissect_pdus stay in the dissect > > loop until all packets within it are decoded? > > Yes (if by "within it" you mean "fully within it or previous TCP > segments"; the last packet might have the start, but not the end, in > that segment, in which case it can't dissect the last packet at that point). > In that case I think the problem is definitely below tcp_dissect_pdus. The issue seems to be that tvb_ensure_length_remaining (I am not at my client's but I think that is the name of the routine) called by tcp_dissect_pdus is returning only the length of the header not the full length of segment B. So once tcp_dissect_pdus finds out the length of the PDU (36 bytes) it returns. > Are TCP segments A and B in order in the capture? Yes. > > > What function calls my outer dissector that calls tcp_dissect_pdus? > > decode_tcp_ports(), in epan/dissectors/packet-tcp.c. > > It's called from process_tcp_payload(), also in > epan/dissectors/packet-tcp.c, and that's called by desegment_tcp() and > dissect_tcp_payload(), also in epan/dissectors/packet-tcp.c. > dissect_tcp_payload() is called from dissect_tcp(), and it calls > desegment_tcp() if it can do desegmentation. > > I've been poking around in the tcp dissector code. I'll let you know if I come up with something useful. Thanks, -- John. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
