Hi,
My dissector has a problem with desegmentation. I have been
using captures created by text2pcap, and everything worked OK.
Those were capture files that started on a PDU boundary and had
only one direction of dataflow in them. Now I have a capture from
a real TCP session, which does not start at a PDU boundary and
contains ack packets as well.
This capture causes the desegmentation to behave very strangely.
The very first packet appears to be desegmented and built from
Frame 15 payload 0-28 and Frame 17 payload 29-1499
It has 105 bytes TCP segment data at the end.
The capture has 14 packets with data, 13 are 1514 in length and the
last is 517 bytes. Frames 15 and 17 are data packets 9 and 10.
The next data packet, frame 3, is a continuation of packet 1:
Frame 17 payload 0-104 and Frame 19 payload 105-1564 and 3 bytes
TCP segment data at the end.
The third data packet, frame 5, is not reassembled, and has 7 bytes
TCP segment data at the end.
The fourth data packet, frame 7, seems to be correct, it is built
from frame 5 payload 0-6 and frame 7 payload 7-1466 with 3 bytes
TCP segment data at the end.
My dissector handles desegmentation like this:
[non essential code removed...]
void dissect_asn1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    // set COL_PROTOCOL and clear COL_INFO
    // reset asn1 decoder and get info about first entity
    // use this to set COL_INFO
    if (tree) {
        TRY {
            while (tvb_length_remaining(tvb, offset) > 0) {
                // reset asn1 decoder
                // dissect first entity
                ti = proto_tree_add_protocol_format(tree, .... );
                asn1_tree = proto_item_add_subtree(ti, ett_asn1);
                if (!def) len++; /* make sure we get an exception if we run off the end! */
                offset = decode_asn1_sequence(tvb, offset, len, asn1_tree, 1);
                proto_item_set_len(ti, offset - boffset);
            }
        }
        CATCH(BoundsError) {
            RETHROW;
        }
        CATCH(ReportedBoundsError) {
            if (ti)
                proto_item_append_text(ti, " (incomplete)");
            if (asn1_desegment) {
                pinfo->desegment_offset = boffset;
                pinfo->desegment_len = 1;
            } else {
                RETHROW;
            }
            return;
        }
        ENDTRY;
    }
}
Sometimes when I was working with this capture, Ethereal would crash
in the exception handling routines. ddd tells me it was in except.c:246
There, in routine except_pop(), variable top seems to have a random value.
This all happens in parts of ethereal I have not studied.....
I would appreciate some hints on how to debug this!
Thanks!
--
Regards,
---------------------------------------------------------------- -o)
Matthijs Melchior Maarssen /\\
mmelchior@xxxxxxxxx Netherlands _\_v
---------------------------------------------------------------- ----
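
The posted handler leaves its CATCH block with return, and the crash is reported in except_pop(). The following is an added example, not part of the original post and not Ethereal's except.c: a simplified model with hypothetical names (M_TRY, M_CATCH, M_ENDTRY, leaked_after) that assumes a setjmp-based handler stack pushed at TRY and popped only at ENDTRY, and shows how many handler records are left behind by each way of leaving the block.

```c
#include <setjmp.h>
#include <stdio.h>

/* Simplified model of a setjmp-based handler stack (hypothetical names,
 * not Ethereal's except.c): M_TRY pushes a record, M_ENDTRY pops it. */
#define MAX_DEPTH 8
static jmp_buf handlers[MAX_DEPTH];
static int depth = 0;                 /* number of live handler records */

#define M_TRY    depth++; if (setjmp(handlers[depth - 1]) == 0) {
#define M_CATCH  } else {
#define M_ENDTRY } depth--;

/* Stands in for a thrown ReportedBoundsError: jump to the top handler. */
static void throw_bounds(void) { longjmp(handlers[depth - 1], 1); }

/* Pattern from the post: leave the CATCH block with return. */
static void dissect_return_in_catch(void)
{
    M_TRY
        throw_bounds();
    M_CATCH
        return;                       /* skips M_ENDTRY: record never popped */
    M_ENDTRY
}

/* Balanced variant: note the outcome, then leave through M_ENDTRY. */
static int dissect_fallthrough(void)
{
    volatile int need_more = 0;       /* set after setjmp, so volatile */
    M_TRY
        throw_bounds();
    M_CATCH
        need_more = 1;
    M_ENDTRY
    return need_more;
}

/* Handler-stack depth left behind after n calls (n <= MAX_DEPTH). */
int leaked_after(int n, int use_return)
{
    depth = 0;
    for (int i = 0; i < n; i++) {
        if (use_return) dissect_return_in_catch(); else (void)dissect_fallthrough();
    }
    return depth;
}

int main(void) { printf("%d %d\n", leaked_after(3, 1), leaked_after(3, 0)); return 0; }
```

Each record left behind in this model still refers to the stack frame of a function that has already returned, so any later pop or throw that reaches it works on stale state.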