On Jan 22, 2004, at 12:57 AM, CNS - Matthew Bradley wrote:
> I am now trying to use tcp_dissect_pdu to dissect a PDU across
> multiple packets. As per the documentation, I have written a function
> to return the PDU length based on the header as described above.
And you specified 8 as the "fixed_len" argument to "tcp_dissect_pdu()",
right? (The 8 bytes of header are the "fixed length" portion, and you
need all 8 bytes, as the length is in the latter 4 bytes.)
Matthew: Yes
> So long as the PDU fits
> within a single TCP packet, the dissector works fine. But if the PDU
> is spread across two packets, dissection fails with a "short frame"
> error message.
You are capturing the entire packet, right?
I.e., you didn't specify "-s" to Tethereal if you used it to capture
the traffic, you *did* specify "-s" to tcpdump and the argument to "-s"
was a large number if you used it to capture the traffic, and you
didn't specify "Limit each packet to [] bytes" if you captured the
traffic with Ethereal? And the "Frame {N}" line in the dissection of
the packet doesn't give an "{M} bytes captured" value where M is less
than the P value in the "{P} bytes on wire"?
Matthew: Yes
And you *did* specify either "TRUE" or a settable parameter that you've
set to TRUE as the "proto_desegment" argument to "tcp_dissect_pdus()"?
Matthew: Yes
And you *have* turned on the "Allow subdissector to desegment TCP
streams" preference for TCP?
Matthew: No, when I wrote the email, but I stumbled across this before
receiving your message. Can we add something to this effect to the
README.developer section about tcp_dissect_pdus?
And the TCP headers for the packets in question don't show a checksum
error? (Note that, on machines with a network adapter that does TCP
checksumming, outbound traffic - i.e., traffic sent by the machine
running a network analyzer program - will probably be supplied to that
program before being handed to the network adapter, and thus before the
packet is checksummed, so it will appear to have an invalid checksum.
In those cases, you also have to turn off the "Check the validity of
the TCP checksum when possible" preference for TCP.)
Matthew: Yes
And finally to get it to work without causing Ethereal to crash, I needed to
use proto_tree_add_item instead of proto_tree_add_string using the pointer
to the string returned by tvb_format_text.
Now if I turn off the "Allow subdissector to desegment TCP streams"
preference for TCP, I get my "Short Frame" error. How can I check if this
preference is set? tvb_reported_length_remaining still returns the
reassembled length.
Very many thanks for your help,
Matthew
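The reassembly rule discussed in this thread (wait for the 8-byte fixed header, read the length from its last 4 bytes, then wait for the whole PDU) is shown here as an added stand-alone C example; it is not Ethereal's code or the poster's dissector. The big-endian byte order, a length field that counts only the payload, the `MAX_PDU` cap and all names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FIXED_LEN 8      /* header bytes needed before the length is known */
#define MAX_PDU   4096   /* assumed sanity cap on header + payload */

struct reasm { uint8_t buf[MAX_PDU]; size_t have; };

/* Assumed layout: 4 opaque bytes, then a big-endian 32-bit payload length.
 * Returns the full PDU length, or 0 if the advertised length is implausible. */
static size_t get_pdu_len(const uint8_t *hdr)
{
    uint32_t body = ((uint32_t)hdr[4] << 24) | ((uint32_t)hdr[5] << 16) |
                    ((uint32_t)hdr[6] << 8)  |  (uint32_t)hdr[7];
    return body > (uint32_t)(MAX_PDU - FIXED_LEN) ? 0 : (size_t)FIXED_LEN + body;
}

/* Feed one TCP segment payload. Returns the number of PDUs it completed,
 * or -1 if a header advertised a length above the cap. */
static int feed(struct reasm *r, const uint8_t *seg, size_t len)
{
    int done = 0;
    while (len > 0) {
        /* Until the header is complete, only FIXED_LEN bytes are wanted. */
        size_t want = r->have < FIXED_LEN ? FIXED_LEN : get_pdu_len(r->buf);
        size_t take = want - r->have;
        if (take > len) take = len;
        memcpy(r->buf + r->have, seg, take);
        r->have += take; seg += take; len -= take;
        if (r->have < FIXED_LEN) break;        /* header split across segments */
        size_t total = get_pdu_len(r->buf);
        if (total == 0) { r->have = 0; return -1; }     /* reject, never copy */
        if (r->have == total) { done++; r->have = 0; }  /* dissect r->buf here */
    }
    return done;
}

/* Constructed sample: an 18-byte PDU cut after byte 12, followed by an empty
 * PDU in the second segment. Returns the count completed by segment two. */
static int demo_split(void)
{
    static struct reasm r;
    const uint8_t seg1[12] = {1,2,3,4, 0,0,0,10, 'a','b','c','d'};
    const uint8_t seg2[14] = {'e','f','g','h','i','j', 1,2,3,4, 0,0,0,0};
    if (feed(&r, seg1, sizeof seg1) != 0) return -1;  /* nothing complete yet */
    return feed(&r, seg2, sizeof seg2);               /* both PDUs finish here */
}

int main(void) { return demo_split() == 2 ? 0 : 1; }
```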