2011/5/5 Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>:
>
> I did stumble across a (apparently unrelated) problem in that it will fail
> if you see a gap while the subdissector is returning
> DESEGMENT_ONE_MORE_SEGMENT (as HTTP does until it gets all the headers): in
> that case TCP has to assume that the current message is not part of the
> existing multisegment_pdu--which unfortunately breaks things. Not sure what
> can be done about that...
Such situation can be detected inside the dissector if we know position in
the stream and have the tcpinfo->seq for the packet. The application protocol
dissector can use this knowledge to signal down to the TCP dissector.
Can we make TCP dissector to delay such marked packet and resubmit
it (possibly reassembled with other fragments) to the subdissector again?
--
Max
