Hi Gerhard,
I've had the same problem. Maybe this will help you:
http://www.wireshark.org/lists/wireshark-dev/200607/msg00087.html
BR,
Bogdana
Gerhard Gappmeier wrote:
Hi,
I've implemented my protocol parser using the recommended tcp_dissect_pdus
function.
Now I'm testing it and have found a problem. (See Case 4.)
Can anybody help me with that?
Is this a bug in tcp_dissect_pdus or am I using it wrong?
Case1: each message in an own tcp packet
TCP Layer: ... | | ... | | ...
App Layer: ... | Msg1 | ... | Msg2 | ...
Status: works
Case2: large message split into several tcp packets
TCP Layer: ... | 1476 Byte | Remaining Bytes | ...
App Layer: ... | Large Msg | ...
Status: works, my dissector is called with a reassembled message.
Case3: more small messages in own tcp packet
TCP Layer: ... | | ...
App Layer: ... | Msg1 | Msg2 | ...
Status: works
Case4: one small message and the start of a large splitted message in
first tcp packet
the remaining bytes of msg2 in a second packet
TCP Layer: ... | 1476 Bytes | Remaining Bytes | ...
App Layer: ... | Msg1 | Msg2 | ...
Status: doesn't work
Msg1 is processed correctly.
"tcp_dissect_pdus" calls then the passed "dissect_pdu" function for the
incomplete Msg2 -> no reassembled message!
then it calls the passed "get_pdu_len" function for the remaining bytes
(second tcp packet) -> there is no pdu header in the middle of the message!
The GUI shows an unreassembled packet.
Any ideas?
--
mit freundlichen Grᅵᅵen / best regards
*Gerhard Gappmeier*
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc
------------------------------------------------------------------------
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev