Max Dmitrichenko wrote:
Hi!
I'm continue to write dissector for an encrypted protocol. Everything
works fine until I receive an out-of-order TCP segment, i.e. previous
was lost.
Since I'm trying to decrypt it, I fail with it and break the whole
decryption context. Is there any way to:
1) Detect that this packet is out of order in given conversation?
2) Ask the TCP dissector to feed this packet later again when all
previous segments will be retransmitted?
I would think desegment_tcp() should be able to handle this by not
calling your dissector for an out-of-order segment: it should be able to
only call your dissector once it has a completely reassembled
(desegmented) PDU. Looking through the code, it's not immediately
obvious to me what the problem is.
A bug report with a sample capture (with your dissector, I guess) would
be helpful. Hmm, I guess I might be able to build such a capture file
from an existing one (if I find the time).
Or to start if you can find what line number the TCP dissector is on
when you get the out-of-order packet, that might shed some light on it.
And as far as I understand, there can be a situation when packet is
duplicated. This should be handled too. How?
That should, too, already be handled. (Only recently did it start
working when the first segment of a PDU was retransmitted.)