Hey everyone
I wrote a custom C dissector involving my own re-assembly logic.
The problem I'm dealing with is:
When capturing from high-capacity interfaces sometimes the segments to re-assemble arrive out of order
and the reorder and reassembly code is either not quick enough (for "late" segments) or it's too quick (for "early" segments, at 2nd pass) for the dissector to spot the entire segments sequence.
In this case the reassembly logic breaks and doesn't show the right payloads.
Also, when reading from a capture file the problem does not exist.
I believe this is because the "2nd pass" is actually happening after all the packets has been processed (and segmetns registered) once.
I tried to tackle this by improving my reassembly code but that dissection is just too complex and I failed.
So I'm looking for a workaround and I realized that if I could delay the 2nd pass on live analysis this could "buy the packets time" to be processed. (Note I have no intention to submit such change to gerrit, just for m)
Is this even possible? I am familiar with dissectors code but I don't know where to start looking for the 2nd pass code in WS's repo.
Also I'm open for other clever ideas on how to tackle this issue :)
Thanks,
Darien.
