Keep in mind that desegment_tcp (which calls the application layer dissector, which can call tcp_dissect_pdus) is broken in the case that the minimal header spans a tcp segment boundary.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124 I have a workaround for my own code but desegment_tcp is hard enough to follow that for me to fix would mean for me to rewrite it. But like I said I have a workaround (as outlined at the end of the bug report). Haven't had much luck in getting this bug fixed by the Wireshark devs, but I believe it would affect ANY dissector that can return a smaller desegment_len than the full packet size than it will ultimately expect for a given packet. This typically happens when a "minimal header" used to judge length is split across tcp segments. So when the first part of the PDU is seen, it cannot even judge length. It just asks for enough bytes to judge length. But in that case desegment_tcp logic seems to be that it is a complete packet. -- John. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
