On Wed, 4 Oct 2006 23:22:37 -0700
"John R." <jhoger@xxxxxxxxx> wrote:
> Keep in mind that desegment_tcp (which calls the application layer
> dissector, which can call tcp_dissect_pdus) is broken in the case that
> the minimal header spans a tcp segment boundary.
That's nice to know it's a known problem.
I think I described a similar issue in another thread (Message-Id: <20060910012238.eec1de86.noix@xxxxxxxxx>).
In case someone has trouble reproducing this behaviour, I think I have a ready example:
http://sphere.pl/~noix/wireshark/packet-noix.c <-- almost "hello world" - a dissector of a bogus protocol where PDUs are separated by \0 ("c strings") - based on an example from README.developer (which doesn't work)
http://sphere.pl/~noix/wireshark/noix2.pcap <-- a simple packet dump which proves this dissector not working
I also tried to read and undestand desegment_tcp, but I wasn't smart or patient enough.
Noix