Hi,
I have recently come across some problems with reassembly of SIP
messages over TCP one problem seems to be related to when a segment
contains one full PDU and a segment of the next following PDU in this
case the first SIP line of the following PDU is not complete.
I think the ultimate solution would be for the TCP dissector to call the
SIP dissector again with the next incomplete PDU
after receiving the number of bytes "accepted" by the SIP dissector e.g
using the "new-style dissector interface.
also see http://seclists.org/wireshark/2014/Jun/289
As I read the code the first step would be to have
call_dissector() [OK]
try_conversation_dissector()
dissector_try_heuristic()
dissector_try_uint_new [OK]
Return the number of bytes consumed, 0 or -1(need more data) not sure
about DESEGMENT_UNTIL_FIN (-2?).
If people agree the biggest change is to change
dissector_try_heuristic() to return an int.
What do you think?
Regards
Anders
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
