Ethereal-dev: Re: [Ethereal-dev] Feature request - TCP Retransmission labeling

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: ListSrv <listsrv@xxxxxxxxxx>
Date: Wed, 06 Aug 2003 23:38:06 +0200


Guy Harris wrote:



On Wednesday, August 6, 2003, at 1:54 PM, ListSrv wrote:
Actually I am implementing the retransmission-feature. It should identify: 
-   retransmission number
-   the framenumber of the original frame
-   delta-time of previous retransmitted frame
There  is one issue that is waiting for distribute the feature:
A retransmission can be:
- a real retransmission (SEQ is the same as in the original frame, de IP-identifer 
   however is different)
- a duplicated frame (SEQ en IP-identifer are the same, but the MAC-address is 
    different but de TTL is dropping (e.g. there is a routing loop)
-   none of above (e.g. router-on-a-stick).
Therefore I have to access the MAC-frames from every source en retransmitted 
frame. I have not figured that one out.....:(
You're assuming there *IS* a MAC frame or a MAC address. There isn't necessarily one. 

Yes, I noticed....life ain't easy ..:)
The current retransmission feature doesn't bother with all that; perhaps it's a 90% solution, but that might be good enough.
It does a good job, however there are several 'duplicated acks' which are in fact retransmissions. There are also retransmissions (loops and routers-on-a-stick) which aren't retransmissions. So this can be fine-tuned.
If you still want to check the IP identifier, you'd have to modify the IPv4 and IPv6 dissectors to supply it to the dissectors they call.
I modifed the IPv4 dissector (and added a field for IP-identifier). How come the full IP-header is not coded into the ip_hdr structure (at 
least I couldn't find it).
For IPv6 I have to dive into the IPv6 protocol.
If you still want to check the link-layer address, you can check pinfo->dl_src and pinfo->dl_dst; do *NOT* assume that they're Ethernet-style addresses. Instead, see the "CMP_ADDRESS()", "ADDRESSES_EQUAL()", and "COPY_ADDRESS()" macros in "epan/packet_info.h". 

Done that .... I used this macros already.
Note also that, as per my earlier mail, a TCP retransmission can retransmit data from more than one earlier TCP segment....
That's correct, and for Telnet it seems to work. I use the tcp_unacked structure to walk through the unacked list (this isn't 100% because we can get a delayed framed which we already ACKed and removed from de list....