Wireshark-dev: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP

From: Chris Maynard <chris.maynard@xxxxxxxxx>
Date: Thu, 5 May 2011 18:25:41 +0000 (UTC)
Fernandez, Rafael <Rafael.Fernandez@...> writes:

> OK. This function returns exactly the same as yours. The rest of the code in
there for debugging purposes.

You're right.  I got distracted by the comparison still being done between
last_size and remaining.

> Don't you think there is an issue with this?

Can you try removing the "if(pinfo->tcp_tree != NULL)" check?

    if(pinfo->tcp_tree != NULL) {
        tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 4, get_message_tcpmessage_len, 
                         dissect_message_tcpmessage);
    }

If that helps, then you should look into structuring your code like the dns
dissector does, with separate dissect_message_tcp() and dissect_message_udp()
functions.

If that doesn't help, then you might try compiling your code against the latest
development trunk as I believe there have been some changes made recently
concerning reassembly that might help you.