Wireshark-dev: [Wireshark-dev] behavior of tcp_dissect_pdus when protocol pdu is across tcp seg
From: Sudarshan Raghavan <[email protected]>
Date: Mon, 24 Aug 2009 23:32:30 +0530
I am currently working on adding an RTMP (Real Time Messaging Protocol)
dissector to Wireshark. RTMP sends out messages by splitting them into
chunks. It starts with a default chunk size and sets it to a different
value later if required. Each RTMP chunk will contain a chunk header
and optionally a message header also.

It is possible that an RTMP chunk starts at an offset inside the
current TCP segment and spills over to the next TCP segment or later.
My length function (get_pdu_len arg of tcp_dissect_pdus) returns the
correct value to be able to get hold of the entire chunk. What I am
seeing in this case (chunk across TCP segments) is that my length
function is getting called as soon as the next TCP segment is seen and
the offset argument passed is 0. I was expecting that tcp_dissect_pdus
will call the length function at the appropriate offset in the next
segment based on the length returned previously. Looking at the
implementation of tcp_dissect_pdus in packet-tcp.c seems to confirm my
analysis. Am I missing something here? How do I make tcp_dissect_pdus
work correctly with chunks across TCP segments?

Please note that it works fine if the chunk is contained entirely
within a TCP segment.