On Wed, 1 Sep 2004 06:06:18 -0500, Jeff Foster wrote:
>
> This will work for a fixed length PDU, which does seem to be Peter's
> situation, or a PDU with a length value in the start of the PDU.
> Though I found to documentation in README.developer to be somewhat
> confusing. A simpler example that handles only TCP data may help here.
>
> In my situation I don't know the PDU length because it contains null
> terminated strings. I wanted to decode the entire PDU so I return a
> pinfo->desegment_offset of zero with pinfo->desegment_len = tvb_len()+1.
> As I stated before, in the email 'TCP reassembly and desegment_offset = 0'
> I never see a second call to the sub_dissector by the TCP desegment code.
>
> I have traced this to ipfd_head value of zero returned by fragment_add
> in the packet-tcp.c code. Digging into the reassemble.c code it seems to
> me that the problem is caused by my dissector requesting less data then
> is available in the next packet (fragment).
>
Ok, in that case you should probably use something like :
pinfo->desegment_offset = offset;
pinfo->desegment_len = 1;
where offset is the position in the current TVB where this PDU starts.
That should work ok.
Reasons why TCP reassembly sometimes does NOT work are:
* TCP checksum errors : if there are TCP checksum errors, then all
the data in the segment will be ignored by the reassembly routines.
==> disable checking in preferences if you capture from has tcp
checksum offloading.
* packet slicing. If only partial packets has been captured (packet slicing)
so that there are missing data in the tcp segment, then these segments
will be ignored as well by the reassembly routines.
