Wireshark-dev: [Wireshark-dev] tcp_dissect_pdus() question

From: "Eli Ofenstein" <eli.ofenstein@xxxxxxxxx>
Date: Wed, 13 Feb 2008 04:50:34 -0600
Hello
 
I'm having an issue with tcp_dissect_pdus() that doesn't seem to be covered by existing documentation/discussion.  I've ensured that the TCP dissector is functioning properly (i.e. subdissector reassembly is enabled, checksum validation is disabled to handle offloading, etc.) and tested to make sure reassembly in general is working.  Reassembly is not being done at all for my dissector.  Due to the nature of the protocol I'm dissecting, the dissector must be heuristic or conversation-based.  I've experimented with both and neither works properly.  Since dissectors like the Yahoo Messenger dissector use a heuristic entry with tcp_dissect_pdus(), I assume that it should be supported.
 
Behavior-wise, my TCP dissector is being called correctly, is running through tcp_dissect_pdus() with a correct fixed length and function handles, the length calculator is being called and is returning the correct length, and so forth.  tcp_dissect_pdus() simply isn't doing any desegmentation.  A bit of debugging shows that a tcp_analysis is never created for the conversation, so any sort of flow or state tracking isn't being done.
 
Any thoughts?