Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2019-09-25 13:58:58 +0000

Kim gravatar image

Raw data consists of 1 message which gets split into 2 packets (i.e. 10 and 8). Each PDU is 8 bytes. How many times does tcp_dissect_pdus get called in this case?

#define FRAME_HEADER_LEN 8

/* This method dissects fully reassembled messages / static int dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { / TODO: implement your dissecting code */ return tvb_captured_length(tvb); }

/* determine PDU length of protocol foo */ static guint get_foo_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_) { return FRAME_HEADER_LEN }

/* The main dissecting routine */ static int dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN, get_foo_message_len, dissect_foo_message, data); return tvb_captured_length(tvb); }

Wireshark - Import raw data

raw data file: 000000 0a 01 00 00 00 00 00 10 03 0a 02 00 00 00 00 00 11 03

TCP splits it into 2 packets (i.e. 10 and 8 bytes).

Debug trace is as follows: dissect_foo() calls tcp_dissect_pdus()

tcp_dissect_pdus() calls get_foo_message_len()

get_foo_message_len() returns PDU size 8 There is 2 remaining bytes from 1st packet

 The program executes dissect_foo_message.  I would have expected dissect_foo() to call tcp_dissect_pdus() to reassemble the next packet.  Building a 16 byte message.

The documentation for TCP reassembly is difficult to follow and it is not clear.

click to hide/show revision 2
None

updated 2019-09-25 17:30:57 +0000

Jaap gravatar image

Raw data consists of 1 message which gets split into 2 packets (i.e. 10 and 8). Each PDU is 8 bytes. How many times does tcp_dissect_pdus get called in this case?

#define FRAME_HEADER_LEN 8
 
8

/* This method dissects fully reassembled messages /
*/
static int
dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
    / /* TODO: implement your dissecting code */
    return tvb_captured_length(tvb);
}
 
}

/* determine PDU length of protocol foo */
static guint
get_foo_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
{
    return FRAME_HEADER_LEN
}
 
}

/* The main dissecting routine */
static int
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
                     get_foo_message_len, dissect_foo_message, data);
    return tvb_captured_length(tvb);
}
}

Wireshark - Import raw data

raw data file: 000000 0a 01 00 00 00 00 00 10 03 0a 02 00 00 00 00 00 11 03

TCP splits it into 2 packets (i.e. 10 and 8 bytes).

Debug trace is as follows: follows:

  dissect_foo()
    calls  tcp_dissect_pdus()
 
tcp_dissect_pdus()

  tcp_dissect_pdus()
    calls get_foo_message_len()
 
get_foo_message_len()

  get_foo_message_len()
     returns PDU size 8
     There is 2 remaining bytes from 1st packet
 
 packet

 
The program executes dissect_foo_message.  I would have expected dissect_foo() to call tcp_dissect_pdus() to reassemble the next packet.  Building a 16 byte message.
message.

The documentation for TCP reassembly is difficult to follow and it is not clear.

click to hide/show revision 3
None

updated 2019-09-25 17:35:34 +0000

Jaap gravatar image

Raw data consists of 1 message which gets split into 2 packets (i.e. 10 and 8). Each PDU is 8 bytes. How many times does tcp_dissect_pdus get called in this case?

Raw data consists of 1 message which gets split into 2 packets (i.e. 10 and 8). Each PDU is 8 bytes. How many times does tcp_dissect_pdus get called in this case?

#define FRAME_HEADER_LEN 8

/* This method dissects fully reassembled messages */
static int
dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
    /* TODO: implement your dissecting code */
    return tvb_captured_length(tvb);
}

/* determine PDU length of protocol foo */
static guint
get_foo_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
{
    return FRAME_HEADER_LEN
}

/* The main dissecting routine */
static int
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
                     get_foo_message_len, dissect_foo_message, data);
    return tvb_captured_length(tvb);
}

Wireshark - Import raw data

raw data file: 000000 0a 01 00 00 00 00 00 10 03 0a 02 00 00 00 00 00 11 03

TCP splits it into 2 packets (i.e. 10 and 8 bytes).

Debug trace is as follows:

  dissect_foo()
    calls  tcp_dissect_pdus()

  tcp_dissect_pdus()
    calls get_foo_message_len()

  get_foo_message_len()
     returns PDU size 8
     There is 2 remaining bytes from 1st packet

The program executes dissect_foo_message. I would have expected dissect_foo() to call tcp_dissect_pdus() to reassemble the next packet. Building a 16 byte message.

The documentation for TCP reassembly is difficult to follow and it is not clear.

click to hide/show revision 4
None

updated 2019-09-25 17:35:53 +0000

Jaap gravatar image

Raw data consists of 1 message which gets split into 2 packets (i.e. 10 and 8). Each PDU is 8 bytes. How many times does tcp_dissect_pdus get called in this case?

Raw data consists of 1 message which gets split into 2 packets (i.e. 10 and 8). Each PDU is 8 bytes. How many times does tcp_dissect_pdus get called in this case?

#define FRAME_HEADER_LEN 8

/* This method dissects fully reassembled messages */
static int
dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_)
{
    /* TODO: implement your dissecting code */
    return tvb_captured_length(tvb);
}

/* determine PDU length of protocol foo */
static guint
get_foo_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
{
    return FRAME_HEADER_LEN
}

/* The main dissecting routine */
static int
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
                     get_foo_message_len, dissect_foo_message, data);
    return tvb_captured_length(tvb);
}

Wireshark - Import raw data

raw data file: 000000 0a 01 00 00 00 00 00 10 03 0a 02 00 00 00 00 00 11 03

TCP splits it into 2 packets (i.e. 10 and 8 bytes).

Debug trace is as follows:

  dissect_foo()
    calls  tcp_dissect_pdus()

  tcp_dissect_pdus()
    calls get_foo_message_len()

  get_foo_message_len()
     returns PDU size 8
     There is 2 remaining bytes from 1st packet

The program executes dissect_foo_message. I would have expected dissect_foo() to call tcp_dissect_pdus() to reassemble the next packet. Building a 16 byte message.

The documentation for TCP reassembly is difficult to follow and it is not clear.

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2