Keep in mind that desegment_tcp (which calls the application layer
dissector, which can call tcp_dissect_pdus) is broken in the case that
the minimal header spans a tcp segment boundary.
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124
I have a workaround for my own code but desegment_tcp is hard enough
to follow that for me to fix would mean for me to rewrite it. But like
I said I have a workaround (as outlined at the end of the bug report).
Haven't had much luck in getting this bug fixed by the Wireshark devs,
but I believe it would affect ANY dissector that can return a smaller
desegment_len than the full packet size than it will ultimately expect
for a given packet. This typically happens when a "minimal header"
used to judge length is split across tcp segments. So when the first
part of the PDU is seen, it cannot even judge length. It just asks for
enough bytes to judge length. But in that case desegment_tcp logic
seems to be that it is a complete packet.
-- John.
