Good Evening,
I've been writing a dissector for a custom protocol running on TCP, and when trying to use desegment_offset method for reassembly, I encountered some weird behaviour.
Suppose your current tvb contains a buffer of [a, b], where a and b are some bytes signifying the start and end of the buffer. Setting desegment_offset=some_offset and desegment_len=DESEGMENT_ONE_MORE_SEGMENT should make Wireshark provide a tvb that contains a buffer [a+some_offset, b+next_packet_data]. However, it sometimes provides [a, b+next_packet_data] instead -- almost as if it completely ignores the desegment_offset value. This happens when I have a tvb buffer built up of about 5 pieces of data from TCP packets, and I try to drop off one of the front packets (I determine this offset by my own algorithm, but it is always a valid value within the buffer).
Is this likely a bug, or, alternatively, does anyone know what could be causing this kind of behaviour?
Thanks in advance,
O.T.