Wireshark · Wireshark-dev: Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown

Wireshark-dev: Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>

Date: Sat, 16 Dec 2006 23:18:13 +0800

Sebastien Tandel wrote:

Hi Jeff,


Jeff Morriss wrote:
Sebastien Tandel wrote:
I am not sure it's broken ...

ICMP and ICMPv6 are rather different ...
- ICMP states that you have to put the IP header + 64 bits of data
- ICMPv6 RFC states, and I quote, you have to put
"As much of invoking packet as will fit without the ICMPv6 packet
exceeding the minimum IPv6 MTU [IPv6]"

IPv6 MTU may vary ... but should certainly include the TCP seq number.
For that field, IMHO, I think we are safe.
Sorry, I guess I wasn't clear. Your code will not show the sequencenumber in IPv6 because you're searching for the string "icmp:ip" whereasin IPv6 it'll be "icmpv6:ipv6".Anyway, I think a better way for the patch to work would be to check the"pinfo->in_error_pkt" field (set to TRUE by ICMP before calling the IPsubdissector). I'll try that tonight.
I didn't see the in_error_pkt.  I think it would probably work but did
you grep in_error_pkt = TRUE ? I don't know the semantic of the others
dissectors using this field. :-/

It seems to have the right semantics but...

However, you raise an interesting point for IPv6: what if there's enoughTCP in there that the regular TCP dissection puts (again) the sequencenumber in the tree? I don't know what the chances of that are.

The ICMPv6 is built after receiving your TCP segment ... we can guess
that (at least) the tcp seq will be reported as you will put in the
ICMPv6 packet as much data as there are in the original packet without
exceeding the IPv6 MTU and the ICMPv6 header is not so long (64bits). In
the current code of the tcp dissector, we have to read 10 bytes more to
add tcp seq to the tree. The minimum MTU for IPv4 equipments is of 68
bytes (ip header included) ... I then guess that we will show the tcp
seq as if in normal conditions.

OK, so I've checked in your original change (with some additionalcomments) in revision 20140. Using in_error_pkt would just run the codefor IPv6 too which wouldn't be good.

References:
- [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
  - From: Sebastien Tandel
- Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
  - From: Stephen Fisher
- Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
  - From: Sebastien Tandel
- Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
  - From: Jeff Morriss
- Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
  - From: Sebastien Tandel
- Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
  - From: Jeff Morriss
- Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
  - From: Sebastien Tandel

Prev by Date: Re: [Wireshark-dev] Roofnet Dissector
Next by Date: Re: [Wireshark-dev] Roofnet Dissector
Previous by thread: Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
Next by thread: [Wireshark-dev] Protocol identification for msnms
Index(es):
- Date
- Thread