Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Conversation and TCP reassembly

From: "Jens Steinhauser" <jens.steinhauser@xxxxxxxxxx>
Date: Thu, 31 Jul 2008 14:22:46 +0200
Hi,

I wrote a dissector for a protocol that runs atop of UDP and TCP. It
uses conversations to save information from "Configuration Frames" that
is needed to dissect the "Data Frames" later on. I also used the method
with 'tcp_dissect_pdus()' to handle segmented PDUs.

Everything works fine, except in the case when the frame that sets up
the conversation is segmented. Then the dissector is only called at the
first run for this frame (the output from "tshark -V" looks good, I also
used gdb to prove this), but not when I click the packet list to view
the details for this frame. The "Reassembled TCP" tab is missing and the
details pane only lists the "Frame, Ethernet, IP, and TCP" trees.

When I comment out the two lines:

conversation = conversation_new(pinfo->fd->num, ...);
conversation_add_proto_data(conversation, ...);

in the dissector, the dissector gets called every time I click the
packet list and the tree for my protocol is shown (consequently, the
dissection for the "Data Frames" isn't possible).

Has anyone also had such a problem when using conversations and TCP
reassembly at the same time?

Regards,
Jens

*****************************************************************
Jens Steinhauser (Mr.), Software Development 
Tel.: +43 5523 507 422, Fax.: +43 5523 507 999
http://www.omicron.at/         jens.steinhauser AT omicron.at
*****************************************************************
OMICRON electronics GmbH, Oberes Ried 1
A-6833 Klaus / Austria

Company Registration No. FN 34227i, Commercial Court of Feldkirch
*****************************************************************