Wireshark-dev: [Wireshark-dev] Problem with tcp_dissect_pdus
From: Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx>
Date: Thu, 13 Jul 2006 11:19:32 +0200
Hi,

I've implemented my protocol parser using the recommended tcp_dissect_pdus
function.
Now I'm testing it and have found a problem. (See Case 4.)
Can anybody help me with that?
Is this a bug in tcp_dissect_pdus or am I using it wrong?

Case1: each message in its own TCP packet
TCP Layer: ... |      | ... |      | ...
App Layer: ... | Msg1 | ... | Msg2 | ...
Status: works

Case2: large message split into several tcp packets
TCP Layer: ... | 1476 Byte      | Remaining Bytes | ...
App Layer: ... | Large Msg                        | ...
Status: works, my dissector is called with a reassembled message.

Case3: multiple small messages in one TCP packet
TCP Layer: ... |             | ...
App Layer: ... | Msg1 | Msg2 | ...
Status: works

Case4: one small message and the start of a large split message in the first TCP packet,
       the remaining bytes of msg2 in a second packet
TCP Layer: ... | 1476 Bytes     | Remaining Bytes | ...
App Layer: ... | Msg1 | Msg2                      | ...
Status: doesn't work

Msg1 is processed correctly.
"tcp_dissect_pdus" then calls the passed "dissect_pdu" function for the incomplete Msg2 -> no reassembled message!
Then it calls the passed "get_pdu_len" function for the remaining bytes (second TCP packet) -> there is no PDU header in the middle of the message!
The GUI shows an unreassembled packet.
Any ideas?

--
mit freundlichen Grüßen / best regards

Gerhard Gappmeier
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc
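
Added example (not part of the original post and not Wireshark code): a standalone C model of length-prefixed PDU reassembly over a TCP byte stream, showing the bookkeeping that Cases 1 to 4 above require. The 2-byte big-endian length header and the names feed, two_segments and seg_done are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HDR_LEN 2                        /* assumed: 16-bit big-endian body length */
#define BUF_MAX (2 * (HDR_LEN + 65535))  /* room for the largest PDU plus carry-over */
typedef struct { uint8_t buf[BUF_MAX]; size_t have; } stream_t;
int seg_done[2];                         /* PDUs completed by segment 1 and segment 2 */

/* Role of a get_pdu_len callback: only meaningful at a PDU boundary. */
static size_t pdu_len(const uint8_t *p) {
    return HDR_LEN + (((size_t)p[0] << 8) | p[1]);
}

/* Feed one TCP segment; returns the PDUs it completes, or -1 on overflow. */
int feed(stream_t *s, const uint8_t *seg, size_t n) {
    int done = 0;
    size_t off = 0;
    if (n > BUF_MAX - s->have) return -1;
    memcpy(s->buf + s->have, seg, n);
    s->have += n;
    while (s->have - off >= HDR_LEN) {
        size_t total = pdu_len(s->buf + off);
        if (s->have - off < total) break;  /* partial PDU: keep it, wait for more */
        done++;                            /* a real dissector would parse it here */
        off += total;
    }
    memmove(s->buf, s->buf + off, s->have - off);  /* carry the tail over */
    s->have -= off;
    return done;
}

/* Constructed input: PDUs with the given body sizes, sent as two segments
 * cut at byte offset `split`. Returns the total PDU count, -1 on bad input. */
int two_segments(const size_t *body, size_t nmsg, size_t split) {
    static uint8_t wire[8192];
    static stream_t s;
    size_t len = 0;
    s.have = 0;
    for (size_t i = 0; i < nmsg; i++) {
        if (len + HDR_LEN > sizeof wire || body[i] > sizeof wire - len - HDR_LEN) return -1;
        wire[len] = (uint8_t)(body[i] >> 8); wire[len + 1] = (uint8_t)body[i];
        memset(wire + len + HDR_LEN, 0xAA, body[i]);
        len += HDR_LEN + body[i];
    }
    if (split > len) return -1;
    seg_done[0] = feed(&s, wire, split);
    seg_done[1] = feed(&s, wire + split, len - split);
    return seg_done[0] + seg_done[1];
}
```

For the Case 4 layout (body sizes 100 and 2000, cut at byte 1476), the first segment completes Msg1 only and the 1374 leftover bytes of Msg2 are held until the second segment arrives, so the length header is never read from the middle of a message.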