
Wireshark-dev: [Wireshark-dev] Multiple pdus atop TCP -- a lie in README.developer?

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Wed, 31 Jan 2007 19:39:36 +0000
Hi,

I'm trying to write a dissector for a protocol which consists of a series of small (160 bytes or so) PDUs, over TCP. That obviously means that PDUs can span TCP segment boundaries, and each TCP segment can contain several PDUs.

README.developer (section 2.7.2) implies that I can just dissect one PDU at a time, update pinfo->desegment_offset and pinfo->desegment_len, and the TCP dissector will call my dissector for each PDU: "Wireshark allows dissectors to process PDUs in an idempotent way--dissectors only need to consider one PDU at a time"

However, when I do this, only the first PDU in each TCP segment is dissected.

Obviously, I can work around it by looping over the entire segment, but I'm curious - is what README.developer says just a complete lie? Am I doing something wrong?

(I don't want to use tcp_dissect_pdus as this protocol can run over a myriad other protocols than TCP.)

Thanks,

--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Telephony Gateways Project Manager
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com
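
The loop workaround mentioned in the message, as an added example that is not part of the original post and does not call Wireshark's API. It assumes a fixed 160-byte PDU whose first byte is a constructed sequence number; `struct deseg_request`, `walk_pdus` and `dissect_stream` are hypothetical names, and the transport side is a simplified model that re-presents the unconsumed tail with the next segment.

```c
#include <stddef.h>

#define PDU_LEN 160 /* assumption: fixed size; the post says "160 bytes or so" */

/* Stand-in for the two packet_info fields named in the post. */
struct deseg_request {
    size_t desegment_offset; /* where the incomplete PDU starts */
    size_t desegment_len;    /* bytes still missing; 0 = nothing pending */
    int last_seq;            /* constructed: byte 0 of the last complete PDU */
};

/* The loop workaround: consume every complete PDU in buf[0..len), then
 * report the partial tail instead of dissecting it. Returns PDUs consumed. */
size_t walk_pdus(const unsigned char *buf, size_t len, struct deseg_request *req)
{
    size_t offset = 0, count = 0;
    req->desegment_offset = 0;
    req->desegment_len = 0;
    while (offset < len) {
        size_t avail = len - offset;
        if (avail < PDU_LEN) {            /* PDU spans the segment boundary */
            req->desegment_offset = offset;
            req->desegment_len = PDU_LEN - avail;
            break;
        }
        req->last_seq = buf[offset];      /* real field dissection goes here */
        offset += PDU_LEN;
        count++;
    }
    return count;
}

/* Simplified model of the transport side: after each segment, re-present the
 * held tail together with the new bytes. Returns total PDUs dissected. */
size_t dissect_stream(const unsigned char *stream, const size_t *seg, size_t nseg,
                      struct deseg_request *req)
{
    size_t consumed = 0, delivered = 0, total = 0;
    for (size_t i = 0; i < nseg; i++) {
        delivered += seg[i];
        total += walk_pdus(stream + consumed, delivered - consumed, req);
        consumed = req->desegment_len ? consumed + req->desegment_offset : delivered;
    }
    return total;
}
```

Because the walker never reads past `len` and only reports how many bytes are missing, a short or truncated segment cannot cause an out-of-bounds read of the buffer.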