Wireshark-dev: Re: [Wireshark-dev] Problem with tcp_dissect_pdus
From: "John R." <[email protected]>
Date: Sun, 19 Nov 2006 01:30:15 -0800
Insofar as I have a workaround, I described it in the bug report.

Also another user described an alternative fix which I have not yet
tested (since my workaround has been working for me). Just read all
the way down to the end of the bug report. I could test this soon if
it helps anyone.

The problem is that those of us who need the fix don't feel
comfortable enough with the packet reassembly code to say we have a
fix. Certainly my workaround is not a proper fix. The project
developers have assigned the bug a low priority.

To demonstrate the most likely manifestation of the bug you just need
to to have a flow controlled TCP connection and fairly small PDUs. In
such a case, fragmentation of PDU headers across TCP segments happens
all the time. This shows up in my application since we have lots of
teeny notifications being sent to a client; if the client stops
relieving the pressure of incoming packets the TCP window closes. When
the backpressure is relieved, the server starts chunking out
backlogged data on Ethernet packet boundaries rather than the
boundaries of the original socket "writes". So, headers get split. The
reassembly algorithm is broken in that case.

-- John.