Wireshark mailing list archives
Desegment_offset not working properly whem reassembling protocols running atop tcp
From: Oleksandr Tyberkevych <oleks101 () gmail com>
Date: Thu, 18 Jun 2015 21:18:17 -0400
Good Evening, I've been writing a dissector for a custom protocol running on TCP, and when trying to use desegment_offset method for reassembly, I encountered some weird behaviour. Suppose your current tvb contains a buffer of [a, b], where a and b are some bytes signifying the start and end of the buffer. Setting desegment_offset=some_offset and desegment_len=DESEGMENT_ONE_MORE_SEGMENT should make Wireshark provide a tvb that contains a buffer [a+some_offset, b+next_packet_data]. However, it sometimes provides [a, b+next_packet_data] instead -- almost as if it completely ignores the desegment_offset value. This happens when I have a tvb buffer built up of about 5 pieces of data from TCP packets, and I try to drop off one of the front packets (I determine this offset by my own algorithm, but it is always a valid value within the buffer). Is this likely a bug, or, alternatively, does anyone know what could be causing this kind of behaviour? Thanks in advance, O.T.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Desegment_offset not working properly whem reassembling protocols running atop tcp Oleksandr Tyberkevych (Jun 19)