Wireshark mailing list archives
Re: Should dissect_tcp_pdus be used as much as possible?
From: Guy Harris <guy () alum mit edu>
Date: Fri, 4 Jul 2014 10:30:18 -0700
On Jul 4, 2014, at 1:36 AM, Peter Wu <peter () lekensteyn nl> wrote:
Should reassembly be enabled in as many TCP protocols as possible?
Yes.
That is, is it desirable that TCP-based protocols use dissect_tcp_pdus with reassembly set to true?
That is a different question. TCP-based protocols *where the data stream is broken up into PDUs, and the size of a PDU is always >= N, for some value of N > 0, and where the length of the PDU can always be calculated from the contents of the first N bytes of the protocol*, should use tcp_dissect_pdus with the reassembly parameter either hardwired to TRUE or passed as a user-configurable parameter that defaults to TRUE. (That could be simplified to "should TCP-based protocols use tcp_dissect_pdus, *if possible*, with a default setting of "do reassembly?", to which the answer is "yes".) However, not all TCP-based protocols are like that; HTTP, for example, isn't, and it uses different helper routines (see epan/req_resp_hdrs.[ch]). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Should dissect_tcp_pdus be used as much as possible? Peter Wu (Jul 04)
- Re: Should dissect_tcp_pdus be used as much as possible? mmann78 (Jul 04)
- Re: Should dissect_tcp_pdus be used as much as possible? Guy Harris (Jul 04)
- Re: Should dissect_tcp_pdus be used as much as possible? mmann78 (Jul 04)