Using tcp_dissect_pdus, I have been having issues with improper dissection of application-level protocol PDUs with my proprietary protocol.

So that this problem can be efficiently debugged, I have reproduced the issue against a BitTorrent peer.

Problem: tcp_dissect_pdus is used by many dissectors to extract PDUs from the arbitrarily fragmented TCP stream. It is provided a "PDU measure" callback routine and a minimum length prefix of the packet required to determine the length of the entire PDU. The PDU measure routine is only called if sufficient bytes (the minimum length prefix) can be provided.

I have discovered that BitTorrent, and likely all dissectors that use tcp_dissect_pdus, are broken in the case that the minimum length prefix is broken across TCP segments. I do not know if the problem is directly related to tcp_dissect_pdus or is a more general problem with desegmentation.

I will try to attach the capture file. If it gets stripped, let me know; I can send the capture file directly to anyone interested.

Unfortunately I haven't had much luck deciphering the PDU desegmentation logic on my own, so I'm hoping for some help here.

Thanks,
-- John.
btfail.cap
Description: Binary data
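
The case described in the message above, as an added example that is not part of the original post and is not Wireshark's code: a stand-alone model of length-prefixed PDU extraction that keeps state when the fixed prefix itself is split across TCP segments. It assumes a 4-byte big-endian length prefix, as BitTorrent peer messages use; `reasm_t`, `pdu_len`, `reasm_feed`, `demo_split_prefix` and the 4096-byte cap are hypothetical names and limits chosen for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define HDR_LEN 4u      /* fixed prefix needed before the PDU length is known */
#define BUF_MAX 4096u   /* cap on buffered stream bytes (constructed limit) */

typedef struct {
    uint8_t buf[BUF_MAX];
    size_t  used;       /* bytes carried over from earlier segments */
} reasm_t;

/* "PDU measure" step: total PDU length = 4-byte big-endian body length + prefix. */
static uint64_t pdu_len(const uint8_t *p)
{
    uint32_t body = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                    ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return (uint64_t)body + HDR_LEN;
}

/* Feed one TCP segment payload. Returns PDUs completed by it, or -1 if the
 * data or a declared length cannot fit in the buffer. */
int reasm_feed(reasm_t *r, const uint8_t *seg, size_t n)
{
    int done = 0;
    size_t off = 0;
    if (n > BUF_MAX - r->used) return -1;
    memcpy(r->buf + r->used, seg, n);
    r->used += n;
    while (r->used - off >= HDR_LEN) {   /* otherwise the prefix is split: wait */
        uint64_t need = pdu_len(r->buf + off);
        if (need > BUF_MAX) return -1;   /* refuse lengths we could never buffer */
        if (r->used - off < need) break; /* body incomplete: wait for more data */
        done++;
        off += (size_t)need;
    }
    memmove(r->buf, r->buf + off, r->used - off); /* keep the partial PDU tail */
    r->used -= off;
    return done;
}

/* Constructed sample: PDU 1 (5 bytes), then PDU 2 (9 bytes) whose length
 * prefix is cut after 2 bytes by the first segment boundary. */
int demo_split_prefix(void)
{
    static const uint8_t s1[] = {0,0,0,1, 0x01, 0,0};
    static const uint8_t s2[] = {0,5, 0x04, 0};
    static const uint8_t s3[] = {0,0,7};
    reasm_t r = {0};
    int a = reasm_feed(&r, s1, sizeof s1), b = reasm_feed(&r, s2, sizeof s2);
    int c = reasm_feed(&r, s3, sizeof s3);
    return (a == 1 && b == 0 && c == 1 && r.used == 0) ? a + b + c : -1;
}
```

The measure step runs only once four prefix bytes are buffered, so a segment that ends inside the prefix leaves those bytes in `buf` for the next call instead of being measured or discarded.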
