Wireshark mailing list archives
TCP reassembly and Return value of a new-style dissector
From: Anders Broman <a.broman () bredband net>
Date: Tue, 09 Dec 2014 21:01:37 +0100
Hi,

I have recently come across some problems with reassembly of SIP messages over TCP. One problem seems to be related to when a segment contains one full PDU and a segment of the next following PDU; in this case the first SIP line of the following PDU is not complete.

I think the ultimate solution would be for the TCP dissector to call the SIP dissector again with the next incomplete PDU after receiving the number of bytes "accepted" by the SIP dissector, e.g. using the "new-style" dissector interface.

Also see http://seclists.org/wireshark/2014/Jun/289

As I read the code, the first step would be to have
call_dissector() [OK]
try_conversation_dissector()
dissector_try_heuristic()
dissector_try_uint_new [OK]
return the number of bytes consumed, 0 or -1 (need more data); not sure about DESEGMENT_UNTIL_FIN (-2?).

If people agree the biggest change is to change dissector_try_heuristic() to return an int.

What do you think?

Regards
Anders

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
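
The return-value convention proposed in the message above, as an added example that is not part of the original post and is not Wireshark code: a toy TCP layer keeps calling a toy sub-dissector on the bytes it did not consume. All names (`toy_sip_dissect`, `toy_tcp_segment`, `TOY_FULL`, `TOY_NOT_SIP`) are hypothetical, the segments are constructed, and a PDU is assumed to be a header block with no body.

```c
#include <stdio.h>
#include <string.h>
enum { NEED_MORE = -1, REJECTED = 0, TOY_FULL = -100, TOY_NOT_SIP = -101 };
/* Hypothetical sub-dissector: a PDU is a header block ending in CRLF CRLF.
 * Returns bytes consumed (>0), REJECTED, or NEED_MORE. */
static int toy_sip_dissect(const char *buf, size_t len)
{
    static const char *const starts[] = { "INVITE ", "ACK ", "BYE ", "SIP/2.0 " };
    size_t i, n;
    int plausible = 0;
    for (i = 0; i < sizeof starts / sizeof starts[0]; i++) {
        n = strlen(starts[i]) < len ? strlen(starts[i]) : len;
        if (memcmp(buf, starts[i], n) == 0) plausible = 1; /* truncated line still matches */
    }
    if (!plausible) return REJECTED;
    for (i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) return (int)(i + 4);
    return NEED_MORE;
}

struct toy_stream { char buf[512]; size_t len; int pdus; };
/* Hypothetical TCP layer: re-call the sub-dissector on unconsumed bytes; returns bytes pending. */
static int toy_tcp_segment(struct toy_stream *s, const char *seg, size_t seglen)
{
    size_t off = 0;
    int r = NEED_MORE;
    if (seglen > sizeof s->buf - s->len) return TOY_FULL; /* bound the reassembly buffer */
    memcpy(s->buf + s->len, seg, seglen);
    s->len += seglen;
    while (off < s->len && (r = toy_sip_dissect(s->buf + off, s->len - off)) > 0) {
        off += (size_t)r;   /* advance by what the sub-dissector accepted */
        s->pdus++;
    }
    memmove(s->buf, s->buf + off, s->len - off);
    s->len -= off;
    if (s->len > 0 && r == REJECTED) { s->len = 0; return TOY_NOT_SIP; }
    return (int)s->len;
}

/* Constructed sample: one full PDU plus a truncated first line, then the rest. */
static const char SEG1[] = "BYE sip:a@example.invalid SIP/2.0\r\nCall-ID: 1\r\n\r\nINVITE sip:b@exa";
static const char SEG2[] = "mple.invalid SIP/2.0\r\nCall-ID: 2\r\n\r\n";
static struct toy_stream demo;
int main(void)
{
    int p1 = toy_tcp_segment(&demo, SEG1, sizeof SEG1 - 1);
    int p2 = toy_tcp_segment(&demo, SEG2, sizeof SEG2 - 1);
    printf("pending after seg1=%d, after seg2=%d, pdus=%d\n", p1, p2, demo.pdus);
    return 0;
}
```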