Wireshark · Ethereal-dev: [Ethereal-dev] tcp, desegmentation, multiple pdus per segment thoughts

Ethereal-dev: [Ethereal-dev] tcp, desegmentation, multiple pdus per segment thoughts

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <rsahlber@xxxxxxxxxxxxxx>

Date: Tue, 6 Nov 2001 20:00:57 +1100

Hi List,

I thought some on the problems with multiple pdu's in a tcp segment,
something which perhaps will
become more common for ethereal to encounter now with tcp-desegmentation.
(though this has existed also before (especially when due to retransmission
several pdu's have been collapsed into
the same segment) and also, in theory, could exist as well for udp based
protocols)

Right now, in order to handle multiple pdu's in a segment, the dissector
would have to be specifically coded
to handle that case by basically looping over the dissector until it runs
out of data in the tvbuff.
This is code duplication (and imho ugly).
Also it relies on all dissectors being specifically coded to handle multiple
pdu's.

Would the following approach work?
Move this loop inside packet-tcp instead and leave all subdissectors to only
dissect one single pdu per invokation.
I.e. something like :
       while(tvb_length_remaining(tvb, offset)) {
               offset = decode_tcp_ports(xxx)
                xxx
       }
This assumes a few things:
1, there is some way that decode_tcp_ports (reliably) can detect how much
data was dissected by
the call to the subdissector.
2, every subdissector consumes at least one byte, or we will have to prevent
this from becoming an infinite loop.
3, there are no protocols which pad the remains of a segment with
crap/random data after the pdu.


I do not have any time right now to look into this, but perhaps it would be
something worth investigating
and someone else could look into it? Perhaps add it to some sort of
ideas-to-look-into-at-some-later-time list?
Perhaps adding something similar to udp, since at least in theory there
could be protocols that would slap multiple
pdu's in one udp datagram.


The benefits I would see if this would be feasible would be (imho)
1,  all protocols running atop of tcp would get automagical multi-pdu
handling.
2,  adding tcp-desegmentation to a dissector would be easier since the
dissector doesnt have to handle the multi-pdu case any more.
3,  it feels cleaner

There might be something important i have missed which would make the entire
approach unfeasible, but hey
it is just an idea.

Follow-Ups:
- Re: [Ethereal-dev] tcp, desegmentation, multiple pdus per segment thoughts
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] Ethereal won the Melbourne Cup ...
Next by Date: Re: [Ethereal-dev] tcp, desegmentation, multiple pdus per segment thoughts
Previous by thread: RE: [Ethereal-dev] Ethereal won the Melbourne Cup ...
Next by thread: Re: [Ethereal-dev] tcp, desegmentation, multiple pdus per segment thoughts
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$