Wireshark-dev: Re: [Wireshark-dev] question about TCP flag DESEGMENT_UNTIL_FIN
From: Guy Harris <[email protected]>
Date: Wed, 01 Aug 2007 11:37:29 -0700
yin sun wrote:
Hello,
I found out that,
When a subdissector on top of TCP set if (pinfo->can_desegment) {
        pinfo->desegment_len = DESEGMENT_UNTIL_FIN;
        return;
    }
when pinfo->can_desegment is 0 again, subdissector received the whole TCP stream in tvb minus the payload from the FIN packet.
Is this by design? or by mistake?
As I noted in the bug you filed, at least as I read RFC 793, it appears 
to say that SYN and FIN segments can have data:
	For sequence number purposes, the SYN is considered to occur before the 
first actual data octet of the segment in which it occurs, while the FIN 
is considered to occur after the last actual data octet in a segment in 
which it occurs.
so, unless I've misread the RFC, if it's by design, it's a design error 
- the reassembly code should process payload in a FIN segment.