Wireshark-dev: Re: [Wireshark-dev] tcp_dissect_pdus not reassembling data correctly

From: Hugo Mills <h.r.mills@xxxxxxxxxxxxx>
Date: Wed, 22 Jul 2009 13:40:26 +0100
On Wed, Jul 22, 2009 at 11:39:09AM +0100, Hugo Mills wrote:
>    I'm trying to write a new dissector for a protocol used by a piece
> of software we've developed, and I'm encountering some difficulty
> getting tcp_dissect_pdus() to reassemble packets.
> 
>    The software that communicates using the protocol is sending the
> first four octets (an octet count of the remainder of the message) in
> a separate TCP packet, and I'd like to be able to reassemble the two
> packets into one for my dissector. However, tcp_dissect_pdus() doesn't
> seem to be doing that job: it complains that the first, short, packet
> was truncated during capture, and then goes on to treat the second
> packet as a new protocol message (leading to a faulty dissection).

   I've solved the problem. For the record, if anyone else has the
same trouble: Packets are not reassembled if the TCP checksum is
checked and found to be incorrect. These packets were captured on the
loopback interface, which doesn't seem to bother with checksums.
Turning off the "Validate the TCP checksum if possible" option for the
TCP protocol made it all work.

   Hugo.

-- 
Hugo Mills                                  Research Fellow, ACET group,
                             Systems Engineering, University of Reading.
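
As an added illustration (not part of the original message, and not Wireshark's own code), the following simplified Python model shows the behaviour described above: a loopback capture whose TCP checksum field was never filled in fails validation, so its segments are kept out of reassembly unless validation is turned off. The addresses, ports, message body and the big-endian byte order of the 4-octet count are constructed assumptions.

```python
import struct

SRC = DST = bytes([127, 0, 0, 1])  # constructed: loopback capture, as in the post

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(segment: bytes) -> bytes:
    return SRC + DST + struct.pack("!BBH", 0, 6, len(segment))

def checksum_ok(segment: bytes) -> bool:
    # A valid segment sums to 0xFFFF once its own checksum field is included.
    return ones_sum(pseudo_header(segment) + segment) == 0xFFFF

def make_segment(seq: int, payload: bytes, fill_checksum: bool) -> bytes:
    # Constructed 20-byte header: ports 50000 -> 9000, PSH|ACK, checksum field 0.
    seg = struct.pack("!HHIIBBHHH", 50000, 9000, seq, 0, 0x50, 0x18, 0xFFFF, 0, 0) + payload
    if fill_checksum:
        csum = ~ones_sum(pseudo_header(seg) + seg) & 0xFFFF
        seg = seg[:16] + struct.pack("!H", csum) + seg[18:]
    return seg

def reassemble(segments, validate_checksum: bool):
    """Model only: segments failing validation never reach PDU reassembly."""
    stream = b""
    for seg in segments:
        if validate_checksum and not checksum_ok(seg):
            continue
        stream += seg[20:]
    pdus = []
    while len(stream) >= 4:
        (count,) = struct.unpack("!I", stream[:4])  # assumed big-endian octet count
        if len(stream) < 4 + count:
            break
        pdus.append(stream[4:4 + count])
        stream = stream[4 + count:]
    return pdus

BODY = b"hello dissector"  # constructed message body
def capture(fill_checksum: bool):
    # Length prefix and body in separate TCP segments, as the sender in the post does.
    return [make_segment(1, struct.pack("!I", len(BODY)), fill_checksum),
            make_segment(5, BODY, fill_checksum)]
```

Calling `reassemble(capture(False), validate_checksum=True)` yields no PDUs, while the same capture with `validate_checksum=False` yields the complete message.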