Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Problem with tcp_dissect_pdus

From: Andrew Schweitzer <a.schweitzer.grps@xxxxxxxxx>
Date: Sun, 19 Nov 2006 14:34:13 -0500
John R. wrote:
Insofar as I have a workaround, I described it in the bug report.

hm.... didn't seem to work in my case. I still lose two packets.... maybe I screwed something up.

I made these changes:
packet-tcp.c
tcp_dissect_pdus()
	//COMMENTED OUT:
	//	pinfo->desegment_len = fixed_len - length_remaining;
	//REPLACED WITH:
	pinfo->desegment_len = -1;

desegment_tcp()
	ipfd_head = fragment_add(tvb, offset, pinfo, msp->first_frame,
			tcp_fragment_table,
			seq - msp->seq,
			len,
			//COMMENTED OUT:
			//(LT_SEQ (nxtseq,msp->nxtpdu)) );
			//ADDED:
			0);

Do you happen to remember if that looks like your fix? Maybe I'll try the other one as well.

[snip]


To demonstrate the most likely manifestation of the bug you just need
to to have a flow controlled TCP connection and fairly small PDUs.

In our case it seems to happen with PDUs ~300 bytes, and it happens every time we startup and download everything. I think we intentionally try to fill the pipe... maybe that's what does it.


Andy