Wireshark · Wireshark-dev: Re: [Wireshark-dev] question about TCP flag DESEGMENT_UNTIL

Wireshark-dev: Re: [Wireshark-dev] question about TCP flag DESEGMENT_UNTIL_FIN

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 01 Aug 2007 11:37:29 -0700

yin sun wrote:

Hello,
I found out that,
When a subdissector on top of TCP setif (pinfo->can_desegment) {
        pinfo->desegment_len = DESEGMENT_UNTIL_FIN;
        return;
    }
when pinfo->can_desegment is 0 again, subdissector received the wholeTCP stream in tvb minus the payload from the FIN packet.
Is this by design? or by mistake?

As I noted in the bug you filed, at least as I read RFC 793, it appearsto say that SYN and FIN segments can have data:

For sequence number purposes, the SYN is considered to occur before thefirst actual data octet of the segment in which it occurs, while the FINis considered to occur after the last actual data octet in a segment inwhich it occurs.

so, unless I've misread the RFC, if it's by design, it's a design error- the reassembly code should process payload in a FIN segment.

Prev by Date: Re: [Wireshark-dev] bug in SHIM6 control message - UPD REQ and UPD ACK
Next by Date: Re: [Wireshark-dev] Possible Bug: Wireshark hangs on File/Save, File/SaveAs, File/Open
Previous by thread: Re: [Wireshark-dev] Possible Bug: Wireshark hangs on File/Save, File/SaveAs, File/Open
Next by thread: [Wireshark-dev] review_for_checkin requested: [Bug 1723] Enhamcement of text2cap for parsing flexibility
Index(es):
- Date
- Thread