Wireshark-dev: [Wireshark-dev] packet reassembly issue

From: Bogdana Botez <bogdana.botez@xxxxxxxxxx>
Date: Mon, 10 Jul 2006 14:13:56 +0300
Hello,

I'm writing a plugin for a protocol PROTO running on TCP. The packet reassembly (done with tcp_dissect_pdus) works fine, with one exception. Sometimes, more PROTO packets come on the network concatenated in one TCP packet - and as they get concatenated the packet gets too large and it's split, something like this:

packet 1:
----------
Linux cooked header
IP header
TCP header
PROTO header+body #1 (complete)
PROTO header+body #2 (complete)
..
PROTO header+body #k (incomplete)



packet 2:
----------
Linux cooked header
IP header
TCP header
PROTO header+body #k (continued from the previous packet)
PROTO header+body #k+1 (complete)
..
PROTO header+body #n (complete)


In this case the first packet is dissected OK, with the exception of PROTO header k ([Unreassembled Packet]). But the second packet gets all messed up, because the plugin doesn't know anymore that the second packet is the continuation of the first packet (even if I used tcp_dissect_pdus for the reassembly).

In all the other cases (only TCP concatenation without fragmentation - or fragmentation without TCP concatenation) the plugin works fine.

How could I solve this problem?

Thanks
Bogdana
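
Added example, not part of the original post and not Wireshark code: a minimal per-connection reassembler showing the carry-over the post expects, where the incomplete PDU #k at the end of one TCP segment is completed by the start of the next. The post does not give PROTO's header format, so a 2-byte big-endian body length is assumed; `reasm`, `reasm_feed`, `HDR_LEN` and `MAX_PDU` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 2      /* assumed header: 2-byte big-endian body length */
#define MAX_PDU 4096   /* cap on header+body; larger claims are rejected */

/* Per-connection state: the bytes of a PDU that is not complete yet. */
struct reasm {
    uint8_t buf[MAX_PDU];
    size_t  have;      /* bytes currently held in buf */
};

/* Feed one in-order TCP payload. Returns the number of PDUs completed by
 * this segment, or -1 if a header claims more than MAX_PDU bytes. */
int reasm_feed(struct reasm *r, const uint8_t *seg, size_t len)
{
    int pdus = 0;
    while (len > 0) {
        if (r->have < HDR_LEN) {             /* header may itself be split */
            size_t n = HDR_LEN - r->have;
            if (n > len) n = len;
            memcpy(r->buf + r->have, seg, n);
            r->have += n; seg += n; len -= n;
            if (r->have < HDR_LEN) break;    /* wait for the next segment */
        }
        size_t total = HDR_LEN + (((size_t)r->buf[0] << 8) | r->buf[1]);
        if (total > MAX_PDU) { r->have = 0; return -1; }  /* check before copy */
        size_t n = total - r->have;
        if (n > len) n = len;                /* take only what this segment has */
        memcpy(r->buf + r->have, seg, n);
        r->have += n; seg += n; len -= n;
        if (r->have == total) { pdus++; r->have = 0; }  /* PDU done, next one */
    }
    return pdus;   /* r->have > 0 here means a PDU continues in the next segment */
}

int main(void)
{
    /* Constructed sample: two complete PDUs plus the start of a third... */
    static struct reasm r;
    const uint8_t seg1[] = {0,3,'a','b','c', 0,1,'x', 0,4,'d','e'};
    /* ...then its remainder followed by one more complete PDU. */
    const uint8_t seg2[] = {'f','g', 0,2,'h','i'};
    printf("segment 1: %d PDUs\n", reasm_feed(&r, seg1, sizeof seg1));
    printf("segment 2: %d PDUs\n", reasm_feed(&r, seg2, sizeof seg2));
    return 0;
}
```

The state must be kept per TCP connection and direction and fed segments in sequence order; the length taken from the wire is bounded against `MAX_PDU` before any copy into the buffer.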