On Sat, Jun 04, 2016 at 12:44:31AM +0300, Max Dmitrichenko wrote:
> Hi everybody!
>
> Some time ago I wrote a dissector of a TCP-based protocol, and I was faced with
> the problem of TCP out-of-order frames. E.g.:
> 1) Duplicated packet
> 2) Out-of-order packet later followed by TCP retransmission
> 3) Simple reordering
> and so on.
>
> Most protocols seem to be tolerant to this. But if your protocol is
> encrypted or compressed, such an event poisons the state of the decoder or
> decompressor and most of the time it is unrecoverable.
>
> Does Wireshark have anything to handle this? If not, is there any demand for
> such functionality from dissectors' authors?

The reassembly API can be used if a protocol cares about the ordering, see
epan/reassemble.h. Being able to accept out-of-order packets is currently
a bug/wishlist item
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9461). Possible
concerns that arise are increased memory usage and failure to dissect any
data if (say) parts of the data are missing.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
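
The ordering problem from this thread, as an added example that is not part of the original messages and is not Wireshark's reassembly API: a bounded reorder buffer that drops duplicates, trims retransmissions, and holds early segments until the gap is filled, so a stateful decoder only sees bytes in stream order. All names (`reorder_push`, `MAX_PENDING`, the `out` buffer standing in for the decoder) are hypothetical, and the fixed cap illustrates the memory-usage concern raised in the reply.

```c
#include <stdint.h>
#include <string.h>

#define MAX_PENDING 8  /* cap on held segments: bounds memory use */
#define MAX_SEG 64     /* constructed per-segment limit for this sketch */
enum { DELIVERED = 0, HELD = 1, DUPLICATE = -1, FULL = -2, REJECTED = -3 };
struct seg { int used; uint32_t seq; uint16_t len; uint8_t data[MAX_SEG]; };
struct reorder {
    uint32_t next_seq;                /* next stream byte the decoder expects */
    struct seg pending[MAX_PENDING];  /* segments that arrived ahead of a gap */
    uint8_t out[256]; size_t out_len; /* stand-in for the stateful decoder's input */
};

/* Serial-number compare, correct across 32-bit sequence wraparound. */
static int seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

static void deliver(struct reorder *r, const uint8_t *p, uint16_t len) {
    if (r->out_len + len <= sizeof r->out) { memcpy(r->out + r->out_len, p, len); r->out_len += len; }
    r->next_seq += len;
}

/* Feed one TCP segment; the decoder only ever sees bytes in stream order. */
int reorder_push(struct reorder *r, uint32_t seq, const uint8_t *p, uint16_t len) {
    if (len == 0 || len > MAX_SEG) return REJECTED;    /* empty or too large to hold */
    if (seq_before(seq, r->next_seq)) {                /* duplicate or retransmission */
        uint32_t skip = r->next_seq - seq;
        if (skip >= len) return DUPLICATE;             /* every byte already delivered */
        p += skip; len -= (uint16_t)skip; seq = r->next_seq;  /* keep only the new tail */
    }
    if (seq != r->next_seq) {                          /* gap: hold until it is filled */
        struct seg *slot = NULL;
        for (int i = 0; i < MAX_PENDING; i++) {
            if (r->pending[i].used && r->pending[i].seq == seq) return DUPLICATE;
            if (!r->pending[i].used && !slot) slot = &r->pending[i];
        }
        if (!slot) return FULL;                        /* caller must give up on the stream */
        slot->used = 1; slot->seq = seq; slot->len = len; memcpy(slot->data, p, len);
        return HELD;
    }
    deliver(r, p, len);
    for (int i = 0; i < MAX_PENDING; i++) {            /* drain segments now contiguous */
        struct seg *s = &r->pending[i];
        if (!s->used || seq_before(r->next_seq, s->seq)) continue;
        uint32_t skip = r->next_seq - s->seq;
        if (skip < s->len) deliver(r, s->data + skip, (uint16_t)(s->len - skip));
        s->used = 0; i = -1;                           /* slot freed, next_seq moved: rescan */
    }
    return DELIVERED;
}
```

A `FULL` return is the point where the missing data never arrived within the memory budget and the decoder state for that stream can no longer be trusted.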
