Guy Harris <[EMAIL PROTECTED]> writes:
>
> Merlin Hooze wrote:
>
> > For a dissector plugin, if the fixed length part of the message is
> > split across tcp segments, can wireshark reassemble it?
>
> It should be able to do so. If not, that's a bug. (That's why the size
> of the fixed-length part of the message is passed as an argument to
> tcp_dissect_pdus()).
>
> There were, in at least some Wireshark releases, bugs that caused that
> not to work correctly. Try it with the latest version of Wireshark,
> and, if it doesn't work, file a bug on bugs.wireshark.org, preferably
> with a sample capture file that demonstrates the bug (just include
> enough packets to demonstrate the problem - you can throw all other
> packets away, as long as loading the resulting capture shows the problem).

Last time I checked it was still a problem.

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124

The bug report shows that anuj made a comment on 3/12 that he is still experiencing the same problem. No point in adding a duplicate bug, please update 1124. This has been languishing for a long time: 2006-09-25.

I did my part by making it reproducible with a non-proprietary protocol. Unfortunately I don't understand the wireshark guts well enough to fix this myself. The code in this particular area is too hard for my tiny brain to grok.

No one seems to dispute that this is a bug. But I guess it also requires someone to 'take an interest' in it. Given that few TCP-based application protocols send large numbers of small packets (my application does since it's an RFID reader sending EPC notifications... smaller the packet, greater the number, increases dramatically the probability of breaking a header across packets) I was basically told way back when that the interest level was low.

So unless someone commits to fixing it if it is still reproducible, I am not putting any more debug time into this one. In any event, the steps to repro are there for the taking, and probably still repro the bug since this issue comes up about every month or two.

-- John.
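The behaviour the thread expects when a fixed-length header is broken across TCP segments, as an added stand-alone example (not Wireshark code and not from either poster). The 4-byte header layout, the constructed sample stream and every name here (`stream_t`, `feed_segment`, `get_pdu_len`) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIXED_LEN 4    /* assumed header: 2-byte type + 2-byte big-endian total length */
#define BUF_MAX   64

typedef struct { uint8_t buf[BUF_MAX]; size_t have; } stream_t;

/* Hypothetical length callback: it may only run once FIXED_LEN bytes are buffered. */
static size_t get_pdu_len(const uint8_t *hdr) { return ((size_t)hdr[2] << 8) | hdr[3]; }

/* Append one TCP segment payload; return PDUs completed, or -1 on bad input. */
int feed_segment(stream_t *s, const uint8_t *seg, size_t len) {
    int done = 0;
    if (len > BUF_MAX - s->have) return -1;           /* would overflow the buffer */
    memcpy(s->buf + s->have, seg, len);
    s->have += len;
    while (s->have >= FIXED_LEN) {                    /* else: header is split, wait */
        size_t plen = get_pdu_len(s->buf);
        if (plen < FIXED_LEN || plen > BUF_MAX) return -1;  /* implausible length */
        if (s->have < plen) break;                    /* body is split, wait */
        memmove(s->buf, s->buf + plen, s->have - plen);
        s->have -= plen;
        done++;
    }
    return done;
}

/* Constructed sample: two 6-byte PDUs back to back in one TCP stream. */
static const uint8_t STREAM[12] = {0,1,0,6,0xAA,0xBB, 0,2,0,6,0xCC,0xDD};

/* Cut STREAM into two segments at `split`; return total PDUs recovered. */
int pdus_when_split_at(size_t split) {
    stream_t s = { {0}, 0 };
    int a = feed_segment(&s, STREAM, split);
    int b = feed_segment(&s, STREAM + split, sizeof STREAM - split);
    return (a < 0 || b < 0) ? -1 : a + b;
}

/* Bytes still buffered after only the first segment has arrived. */
size_t held_after_first(size_t split) {
    stream_t s = { {0}, 0 };
    feed_segment(&s, STREAM, split);
    return s.have;
}

int main(void) {
    for (size_t split = 0; split <= sizeof STREAM; split++)
        printf("split at %2zu -> %d PDUs\n", split, pdus_when_split_at(split));
    return 0;
}
```

Every split point, including the ones that land inside the second PDU's header (offsets 7 to 9), yields both PDUs; a reassembler that reads the length field before `FIXED_LEN` bytes have arrived is the failure the thread is about.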