Wireshark-dev: [Wireshark-dev] tcp_dissect_pdus and BitTorrent dissector

From: "John R." <jhoger@xxxxxxxxx>
Date: Sun, 24 Sep 2006 17:51:45 -0700
Using tcp_dissect_pdus I have been having issues with improper
dissection of application level protocol PDUs with my proprietary
protocol.

So that this problem can be efficiently debugged, I have reproduced
the issue against a BitTorrent peer.

Problem:
tcp_dissect_pdus is used by many dissectors to extract PDUs from the
arbitrarily fragmented TCP stream. It is provided a "PDU measure"
callback routine and a minimum length prefix of the packet required to
determine the length of the entire PDU. The PDU measure routine is
only called if sufficient bytes  (the minimum length prefix) can be
provided

I have discovered that BitTorrent, and likely all dissectors that use
tcp_dissect_pdus are broken in the case that the minimum length prefix
is broken across TCP segments.

I do not know if the problem is directly related to tcp_dissect_pdus
or is a more general problem with desegmentation.

I will try to attach the capture file. If it gets stripped, let me
know I can send capture file directly to anyone interested.
Unfortunately I haven't had much luck deciphering the PDU
desegmentation logic on my own, so I'm hoping for some help here.

Thanks,

-- John.

Attachment: btfail.cap
Description: Binary data