On Wednesday, August 13, 2003, at 2:57 AM, Loïc Minier wrote:
As one can see in
<http://via.ecp.fr/~lool/ethereal/tcp-reassembly.bin>, the TCP
sequence
is fine and the Follow TCP Stream works fine too.
However, the MMSE dissector is called too early in the conversation.
I think this is a design limitation of the current TCP reassembly code
I think this is a limitation of the HTTP dissector, as MMSE isn't
running atop raw TCP, it's running atop HTTP. The HTTP dissector would
need an option to tell it to attempt to reassemble all the "MIME
headers", which I think might be doable with the existing TCP
reassembly code (if you don't have the full header, tell the reassembly
code you need just one more byte; that might be sufficient to get you
the entire next segment added on, and then you can consume all you need
and, I think, return the rest).
Once that's done, it'd need to handle Content-Length: headers, and
perhaps do reassembly on the body using *that*, although whether it
should be done for *all* content types is another matter (do we really
want to reassemble that big movie of Pamela and Tommy in action into
one big tvbuff just because we asked the HTTP dissector to reassemble
the "MIME headers"?). It'd also have to handle messages with no
Content-Length: header, e.g. by reassembling until the connection
closes. (Hopefully we *do* correctly handle reassembly if the
connection closes, even if it closes prematurely.)
