Wireshark-dev: Re: [Wireshark-dev] q on catching error in sub-dissectors.
From: Christian Hopps <chopps@xxxxxxxxxx>
Date: Tue, 21 Jan 2020 20:11:00 -0500
João Valverde <joao.valverde@xxxxxxxxxxxxxxxxxx> writes:
> On 21/01/20 16:06, João Valverde wrote:
> On 21/01/20 16:01, Jeff Morriss wrote:
> We've been having fun with multiple PDUs in a single IP frame with SCTP for years. While there's room for improvement it's worked pretty well.
> Maybe I didn't explain well, but that's completely different to multiple IP packets encapsulated in a single frame. L4 multiplexing is nothing new, I agree.
> How would this protocol stack even look in the packet list? Surely it can only display the outer IP header with ESP/IPTFS protocol? We already have some issues to iron out with the much simpler case of IP over GRE (bug 3791 for example). One idea, and it's just that, I haven't studied the issue in depth, would be using an IPTFS Cooked Capture DLT type.
I'm not versed well enough in wireshark yet to know what a "cooked capture DLT type" is, but I can show what I have now. :)
I still haven't stamped anything with "comes from" or "depends on", and I'd also like to have datablock summary lines include the actual size of that datablock data...
Basically I decode as:
- IPTFS
  - Header fields
  - Array of datablocks
  - Subtree of contained packets:
    - Array of Dissected IP packets
      - 1st packet is the completion of a fragmented packet if that happened.
You'll notice the final datablock doesn't have a packet (7 data blocks 6 packets), the first packet is the reconstructed packet from the first datablock which is the last of the fragments. The last datablock is the start of a new fragmented packet so that will appear later (the inner packet sizes are from an imix stream of 40, 576 and 1500 FWIW)
Here's the tshark output:
Frame 8: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface 0
[...]
Ethernet II, Src: IntelCor_3c:08:29 (f8:f2:1e:3c:08:29), Dst: IntelCor_3c:09:b1 (f8:f2:1e:3c:09:b1)
[...]
Internet Protocol Version 4, Src: 13.13.13.11, Dst: 13.13.13.12
[...]
Source: 13.13.13.11
Destination: 13.13.13.12
Encapsulating Security Payload
ESP SPI: 0x00000458 (1112)
ESP Sequence: 8979
ESP Pad Length: 0
Next header: Unassigned (0x8f)
NULL Authentication
[Good: True]
[Bad: False]
IP Traffic Flow Security
Flags: 0x0000, V: Not set, CC: Not set
0... .... .... .... = V: Not set
.0.. .... .... .... = CC: Not set
Block Offset: 0x013a
Data Block: 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 ...
Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 81 10 00 00 22 ...
Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 83 10 00 00 21 ...
Data Block: 45 01 02 40 ff ff 00 00 3f 11 39 ab 10 00 00 01 ...
Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 7d 10 00 00 24 ...
Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 7f 10 00 00 23 ...
Data Block: 45 01 02 40 ff ff 00 00 3f 11 39 ab 10 00 00 01 ...
Contained Packets
Internet Protocol Version 4, Src: 16.0.0.42, Dst: 48.0.0.42
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 1500
Identification: 0x0001 (1)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x35bd [validation disabled]
[Header checksum status: Unverified]
Source: 16.0.0.42
Destination: 48.0.0.42
User Datagram Protocol, Src Port: 21964, Dst Port: 13226
Source Port: 21964
Destination Port: 13226
Length: 1480
Checksum: 0xd039 [unverified]
[Checksum Status: Unverified]
[Stream index: 19]
Data (1472 bytes)
Data: 787878787878787878787878787878787878787878787878...
[Length: 1472]
Internet Protocol Version 4, Src: 16.0.0.34, Dst: 48.0.0.34
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 40
Identification: 0x0001 (1)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x3b81 [validation disabled]
[Header checksum status: Unverified]
Source: 16.0.0.34
Destination: 48.0.0.34
User Datagram Protocol, Src Port: 21964, Dst Port: 13226
Source Port: 21964
Destination Port: 13226
Length: 20
Checksum: 0x6339 [unverified]
[Checksum Status: Unverified]
[Stream index: 20]
Data (12 bytes)
0000 78 78 78 78 78 78 78 78 78 78 78 78 xxxxxxxxxxxx
Data: 787878787878787878787878
[Length: 12]
Internet Protocol Version 4, Src: 16.0.0.33, Dst: 48.0.0.33
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 40
Identification: 0x0001 (1)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x3b83 [validation disabled]
[Header checksum status: Unverified]
Source: 16.0.0.33
Destination: 48.0.0.33
User Datagram Protocol, Src Port: 21964, Dst Port: 13226
Source Port: 21964
Destination Port: 13226
Length: 20
Checksum: 0x633b [unverified]
[Checksum Status: Unverified]
[Stream index: 21]
Data (12 bytes)
0000 78 78 78 78 78 78 78 78 78 78 78 78 xxxxxxxxxxxx
Data: 787878787878787878787878
[Length: 12]
Internet Protocol Version 4, Src: 16.0.0.1, Dst: 48.0.0.1
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x01 (DSCP: CS0, ECN: ECT(1))
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..01 = Explicit Congestion Notification: ECN-Capable Transport codepoint '01' (1)
Total Length: 576
Identification: 0xffff (65535)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x39ab [validation disabled]
[Header checksum status: Unverified]
Source: 16.0.0.1
Destination: 48.0.0.1
User Datagram Protocol, Src Port: 21964, Dst Port: 13226
Source Port: 21964
Destination Port: 13226
Length: 556
Checksum: 0x412d [unverified]
[Checksum Status: Unverified]
[Stream index: 6]
Data (548 bytes)
Data: 787878787878787878787878787878787878787878787878...
[Length: 548]
Internet Protocol Version 4, Src: 16.0.0.36, Dst: 48.0.0.36
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 40
Identification: 0x0001 (1)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x3b7d [validation disabled]
[Header checksum status: Unverified]
Source: 16.0.0.36
Destination: 48.0.0.36
User Datagram Protocol, Src Port: 21964, Dst Port: 13226
Source Port: 21964
Destination Port: 13226
Length: 20
Checksum: 0x6335 [unverified]
[Checksum Status: Unverified]
[Stream index: 22]
Data (12 bytes)
0000 78 78 78 78 78 78 78 78 78 78 78 78 xxxxxxxxxxxx
Data: 787878787878787878787878
[Length: 12]
Internet Protocol Version 4, Src: 16.0.0.35, Dst: 48.0.0.35
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 40
Identification: 0x0001 (1)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 63
Protocol: UDP (17)
Header checksum: 0x3b7f [validation disabled]
[Header checksum status: Unverified]
Source: 16.0.0.35
Destination: 48.0.0.35
User Datagram Protocol, Src Port: 21964, Dst Port: 13226
Source Port: 21964
Destination Port: 13226
Length: 20
Checksum: 0x6337 [unverified]
[Checksum Status: Unverified]
[Stream index: 23]
Data (12 bytes)
0000 78 78 78 78 78 78 78 78 78 78 78 78 xxxxxxxxxxxx
Data: 787878787878787878787878
[Length: 12]
Thanks,
Chris.
On Tue, Jan 21, 2020 at 9:58 AM João Valverde <joao.valverde@xxxxxxxxxxxxxxxxxx> wrote:

By the way usually a tunnel encapsulates a single packet. I'm not aware of any other protocol multiplexing at the IP level. I would assume Wireshark requires some replumbing to handle that. Something like TFS being treated as a framing layer. Just food for thought.

On 21/01/20 14:46, João Valverde wrote:
>
>
> On 21/01/20 14:33, Christian Hopps wrote:
>> So I've got a payload of packets in a single frame. I'm calling
>> dissector_try_uint_new() to dissect each payload (typically IPv4
>> packets). Some of these packets are considered "malformed" by
>> wireshark (e.g., created by scapy/trex with some bogus values).
>>
>> The problem I'm hitting is that the first malformed inner packet
>> fails all the way out of my parent dissector, so it doesn't dissect
>> any of the other packets in the payload.
>>
>> Another problem I'm having is that the IP sub-dissector is
>> overwriting my source and destination addresses in the pinfo/tree
>> (not sure which doesn't really matter).
>>
>> Summary:
>>
>> - How can I "catch" errors in a subdissector so I can call other
>> sub-dissectors?
>
> Use TRY/CATCH (in epan/exceptions.h).
>
>> - How can I "block" sub-dissectors from overwriting my outer header
>> information?
>
> I don't think you can. Maybe your IPTFS dissector can set it after the
> sub-dissectors run.
>
>>
>> Thanks,
>> Chris.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
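The two answers quoted above (catch the sub-dissector's exception, then set the outer addresses again after the sub-dissectors run), modelled as a self-contained C program added here; it is not code from the thread or from Wireshark. setjmp/longjmp stands in for the TRY/CATCH macros of epan/exceptions.h, and `pinfo_t`, `result_t`, `throw_malformed`, `dissect_inner_ip`, `dissect_payload` and the sample bytes are all constructed for illustration.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for packet_info and the active TRY block. */
typedef struct { uint32_t src, dst; } pinfo_t;
typedef struct { int ok, malformed; } result_t;
static jmp_buf *catch_point;

static void throw_malformed(void) { longjmp(*catch_point, 1); }

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* Inner "IP dissector": overwrites the addresses in pinfo and throws on a
 * bad header, the two behaviours the thread asks about. */
static void dissect_inner_ip(const uint8_t *p, size_t len, pinfo_t *pinfo) {
    if (len < 20 || (p[0] >> 4) != 4)
        throw_malformed();
    pinfo->src = be32(p + 12);
    pinfo->dst = be32(p + 16);
    if ((p[0] & 0x0f) < 5)            /* bogus header length */
        throw_malformed();
}

/* Outer dissector: delimits each block from the IPv4 Total Length field
 * itself, so a throw inside the inner dissector cannot lose the offset. */
result_t dissect_payload(const uint8_t *buf, size_t len, pinfo_t *pinfo) {
    const pinfo_t outer = *pinfo;     /* save the outer addresses */
    volatile size_t off = 0;          /* volatile: live across longjmp */
    volatile int ok = 0, bad = 0;
    while (len - off >= 4) {
        const size_t blen = (size_t)buf[off + 2] << 8 | buf[off + 3];
        if (blen < 20 || blen > len - off)
            break;                    /* padding, or a block that continues later */
        jmp_buf here, *prev = catch_point;
        catch_point = &here;
        if (setjmp(here) == 0) {      /* TRY */
            dissect_inner_ip(buf + off, blen, pinfo);
            ok++;
        } else {                      /* CATCH: note it and carry on */
            bad++;
        }
        catch_point = prev;           /* ENDTRY */
        off += blen;
    }
    *pinfo = outer;                   /* undo what the inner dissectors set */
    result_t r = { ok, bad };
    return r;
}

/* Constructed sample: three 20-byte IPv4 headers (the second has IHL 0),
 * followed by 4 bytes of padding. */
const uint8_t sample_payload[64] = {
    0x45,0,0,20, 0,1,0,0, 63,17,0,0, 16,0,0,34, 48,0,0,34,
    0x40,0,0,20, 0,1,0,0, 63,17,0,0, 16,0,0,33, 48,0,0,33,
    0x45,0,0,20, 0,1,0,0, 63,17,0,0, 16,0,0,1,  48,0,0,1,
    0,0,0,0
};

int main(void) {
    pinfo_t pi = { 0x0d0d0d0b, 0x0d0d0d0c };   /* 13.13.13.11 -> 13.13.13.12 */
    result_t r = dissect_payload(sample_payload, sizeof sample_payload, &pi);
    printf("ok=%d malformed=%d src=%08x dst=%08x\n", r.ok, r.malformed,
           (unsigned)pi.src, (unsigned)pi.dst);
    return 0;
}
```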