Hi,
Le lundi 24 aoᅵt 2009 ᅵ 17:37 -0700, Guy Harris a ᅵcrit :
> On Aug 24, 2009, at 11:02 AM, Sudarshan Raghavan wrote:
>
> > How do I make tcp_dissect_pdus work correctly with chunks across TCP
> > segments.
>
> Is it not working correctly now? I've seen it work correctly for
> other protocols, even with multiple messages within one TCP segment,
> messages split across TCP segments, and messages split across TCP
> segments with the last TCP segment having the end of one message
> followed by other messages or the beginning of another message.
>
> Note that "working correctly" does not mean "calling your dissector
> with a non-zero offset", it means "calling your chunk dissector with a
> completely reassembled RTMP chunk, even if the chunk is split across
> TCP segment boundaries or if there are parts of more than one RTMP
> chunk (or complete RTMP chunks) in a TCP segment".
>From previous Sudarshan mails I'm not sure it's his problem but
tcp_dissect_pdus only works well with RPC like protocols ie:
send request
wait reply
send request
...
because there's 'bubbles' in the TCP pipe odds that a PDU starts at the
TCP segment offset zero are good. It's important for finding the *first*
dissected PDU, after that it's ok.
Not so for 'stream' like protocols or if you have a lot of missing TCP
segments, something like :
desegment_foo(tvb, offset)
marker_ofs = find_marker(tvb, offset);
if (marker_ofs)
add_idem("continuation");
if (marker_ofs >= 0)
tcp_dissect_pdus(tvb, min_length, marker_ofs)
may help
Of course it doesn't deal with a marker across TCP but you get the idea.
You can do it in the get_pdu_len function, but it has other issues (like
when the actual length of the continuation is smaller than the min
length).
Didier