Max Dmitrichenko wrote:
2011/5/5 Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>:
I would think desegment_tcp() should be able to handle this by not calling
your dissector for an out-of-order segment: it should be able to only call
your dissector once it has a completely reassembled (desegmented) PDU.

Did you mean using tcp_dissect_pdus(....)? For now I use the
pinfo->desegment_len and pinfo->desegment_offset stuff. But if it is that
simple, I will surely redo it using this function.

Actually I meant the pinfo->desegment_len stuff (I'm not really familiar
with dissect_pdus()).

I did stumble across an (apparently unrelated) problem in that it will
fail if you see a gap while the subdissector is returning
DESEGMENT_ONE_MORE_SEGMENT (as HTTP does until it gets all the headers):
in that case TCP has to assume that the current message is not part of
the existing multisegment_pdu--which unfortunately breaks things. Not
sure what can be done about that...