
Wireshark-dev: Re: [Wireshark-dev] [PATCH] Multiple pdus atop TCP -- a lie in README.developer?

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Sat, 03 Feb 2007 05:15:54 +0000

Martin Mathieson wrote:
> Richard,
>
> I remember struggling with this when writing the Microsoft Media
> Server protocol (packet-ms-mms.c), but it did seem to work.

Thanks for that, Martin; however, I've taken a look at it, and I'm really pretty sure that it doesn't work with multiple PDUs in the same packet. I even went so far as to mock up a trace with some ms-mms data packets in it - I'm sorry if you thought it worked, but it doesn't for me.

I've had a good look at the code in packet-tcp.c, and whilst it's somewhat impenetrable, I've come to the conclusion that it just doesn't support multiple PDUs as described.

That's not entirely unreasonable in itself; my objection is solely to the fact that README.developer is completely misleading. In fact, even the example dissect_cstr won't work on the TCP dissector, because if you set desegment_len=1 the TCP dissector believes that you know what you are doing and doesn't let you change your mind later.

Furthermore, 2.7.2 says that you can set desegment_len=-1; that doesn't work either, because the TCP dissector expects DESEGMENT_ONE_MORE_SEGMENT, which is 0x0fffffff, which is nowhere near -1.

In short, I think the relevant section of README.developer needs a rewrite. I attach a patch - comments welcome.

Regards,

Richard



--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Telephony Gateways Project Manager
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com