Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Handling TCP packets reordering

From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 4 May 2011 22:27:32 +0200
On 4 mei 2011, at 22:11, Jeff Morriss wrote:

> Max Dmitrichenko wrote:
>> Hi!
>> I'm continue to write dissector for an encrypted protocol. Everything
>> works fine until I receive an out-of-order TCP segment, i.e. previous
>> was lost.
>> Since I'm trying to decrypt it, I fail with it and break the whole
>> decryption context. Is there any way to:
>> 1) Detect that this packet is out of order in given conversation?
>> 2) Ask the TCP dissector to feed this packet later again when all
>> previous segments will be retransmitted?
> 
> I would think desegment_tcp() should be able to handle this by not calling your dissector for an out-of-order segment: it should be able to only call your dissector once it has a completely reassembled (desegmented) PDU.  Looking through the code, it's not immediately obvious to me what the problem is.

One case that can cause a problem is when the first segment of a PDU is received out-of-order. Or did your recent work also handle this exception, Jeff?

Cheers,


Sake