OK, maybe wireshark-users was a wrong list with little in terms of overlap with wireshakr-dev. So, could you, please, shed some light on the topic raised?
---------- Forwarded message ----------
From:
Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>Date: Sat, Nov 23, 2013 at 10:08 AM
Subject: understanding DT1 reassembly
To: Community support list for Wireshark <
wireshark-users@xxxxxxxxxxxxx>
Hello all,
as far as I understand from packet-sccp.c DT1 reassembly is supported by now, SLR is used for look up in the hash table, segmentation/reassembly mask is used for deciding whether there will be more segments or not.
packet-sccp.c is more or less piece of cake to understand, reassembly.c, of course, in its generality, not quite so. So, it would be great if somebody could help me to understand following aspect:
How wireshark discerns following two possibilities:
1) first AND last DT1 segment (no more segments in the segmentation/reassembly mask)
2) last DT1 segment (also no more segments in the segmentation/reassembly mask)
what I mean in particular with discerning is how wireshark "knows" not to attempt to dissect/decode isolated last DT1 segment (no more data are announced here too, after all!), in particular with corner case of the last segment arriving first in mind?
/wbr
