Wireshark-dev: Re: [Wireshark-dev] [PATCH] Multiple pdus atop TCP -- a lie in README.developer?
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Sat, 03 Feb 2007 05:15:54 +0000
Martin Mathieson wrote:

Richard,

I remember struggling with this when writing the Microsoft Media
Server protocol (packet-ms-mms.c), but it did seem to work.

Thanks for that, Martin; however, I've taken a look at it, and I'm 
really pretty sure that it doesn't work with multiple PDUs in the same 
packet. I even went so far as to mock up a trace with some ms-mms data 
packets in it - I'm sorry if you thought it worked, but it doesn't for me.

I've had a good look at the code in packet-tcp.c, and whilst it's 
somewhat impenetrable, I've come to the conclusion that it just doesn't 
support multiple pdus as described.

That's not entirely unreasonable in itself; my objection is solely to 
the fact that README.developer is completely misleading. In fact, even 
the example dissect_cstr won't work on the tcp dissector, because if you 
set desegment_len=1 the tcp dissector believes that you know what you 
are doing and doesn't let you change your mind later.

Furthermore, 2.7.2 says that you can set desegment_len=-1; that doesn't 
work either, because the tcp dissector expects 
DESEGMENT_ONE_MORE_SEGMENT, which is 0x0fffffff, which is nowhere near -1.

In short, I think the relevant section of README.developer needs a 
rewrite. I attach a patch - comments welcome.

Regards,

Richard



--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Telephony Gateways Project Manager
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com