Wireshark-dev: Re: [Wireshark-dev] Problem with tcp_dissect_pdus
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Gerhard Gappmeier <gerhard.gappmeier@xxxxxxxxxxx>
Date: Thu, 13 Jul 2006 13:09:38 +0200
Hi Bogdana,

you are right.
After disabling the check of the TCP checksum it works.

Can anybody explain this behaviour?
That looks like a bug for me.


mit freundlichen Grüßen / best regards

Gerhard Gappmeier
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc


Bogdana Botez schrieb: 
Hi Gerhard,

I've had the same problem. Maybe this will help you:
http://www.wireshark.org/lists/wireshark-dev/200607/msg00087.html

BR,
Bogdana




Gerhard Gappmeier wrote:
  
Hi,

I've implemented my protocol parser using the recommended tcp_dissect_pdus
function.
Now I'm testing it and have found a problem. (See Case 4.)
Can anybody help me with that?
Is this a bug in tcp_dissect_pdus or am I using it wrong?

Case1: each message in an own tcp packet
TCP Layer: ... |      | ... |      | ...
App Layer: ... | Msg1 | ... | Msg2 | ...
Status: works

Case2: large message split into several tcp packets
TCP Layer: ... | 1476 Byte      | Remaining Bytes | ...
App Layer: ... | Large Msg                        | ...
Status: works, my dissector is called with a reassembled message.

Case3: more small messages in own tcp packet
TCP Layer: ... |             | ...
App Layer: ... | Msg1 | Msg2 | ...
Status: works

Case4: one small message and the start of a large splitted message in 
first tcp packet
       the remaining bytes of msg2 in a second packet
TCP Layer: ... | 1476 Bytes     | Remaining Bytes | ...
App Layer: ... | Msg1 | Msg2                      | ...
Status: doesn't work

Msg1 is processed correctly.
"tcp_dissect_pdus" calls then the passed "dissect_pdu" function for the 
incomplete Msg2 -> no reassembled message!
then it calls the passed "get_pdu_len" function for the remaining bytes 
(second tcp packet) -> there is no pdu header in the middle of the message!
The GUI shows an unreassembled packet.
Any ideas?

-- 
mit freundlichen Grüßen / best regards

*Gerhard Gappmeier*
ascolab GmbH - automation system communication laboratory
Tel.: +49 9131 691 123
Fax: +49 9131 691 128
Web: http://www.ascolab.com
GPG-Key: http://www.ascolab.com/gpg/gg.asc


------------------------------------------------------------------------

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
    
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev