Wireshark mailing list archives

Re: TCP dissect issue when app-level message spans multiple TCP packets


From: "Fernandez, Rafael" <Rafael.Fernandez () citadelgroup com>
Date: Thu, 5 May 2011 12:39:30 -0500

OK. This function returns exactly the same as yours. The rest of the code in there is for debugging purposes. I appreciate 
you trying to help me but you are focusing on Wireshark coding standards and lines that do not have anything to do with 
the issue I am experiencing. The issue is the following:

In epan/dissectors/packet-tcp.c-tcp_dissect_pdus():
line 1993: get_pdu_len returns 322. Sets plen to 322.
line 2053-2061: length_remaining is 144. Thus (length_remaining < plen) is true. Sets pinfo->desegment_offset and 
pinfo->desegment_len. tcp_dissect_pdus returns.

In my_dissector.c:
1. Once tcp_dissect_pdus returns, dissect_message returns.
2. dissect_message gets called soon after and calls tcp_dissect_pdus again.

In packet-tcp.c-tcp_dissect_pdus:
Line 1993: get_pdu_len gets called again. It reads 4 bytes starting from the 178th (322-144) byte of the application 
message. Thus, it returns a garbage size.

Don't you think there is an issue with this?


-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Chris Maynard
Sent: Thursday, May 05, 2011 11:27 AM
To: wireshark-dev () wireshark org
Subject: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets

Fernandez, Rafael <Rafael.Fernandez@...> writes:

This is my current get_message_tcpmessage_len:

guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
        guint remaining  = tvb_length_remaining(tvb, offset);
        guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE;
        if(last_size > remaining)
        {
                printf("not enough data: %d remaining: %d\n", last_size, remaining);
        }
        return last_size;
}


This is still wrong.  You shouldn't be trying to figure out if you've got enough
data; tcp_dissect_pdus() will handle all that for you.  This function only needs
to return the length of the entire PDU so tcp_dissect_pdus() knows how much data
it needs to reassemble before calling your dissector.  Try changing the function
to something like what I posted earlier.

You might also re-read section 2.7.1 of doc/README.developer, as it could help
you in the case of UDP.  And take a look at other examples in the Wireshark
codebase, such as packet-dns.c which doc/README.developer references in its
example.

And stop using printf().  If you need to, try using g_warning() instead.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
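
The reassembly contract discussed in this thread, as an added example (not code from either poster and not Wireshark's own): a stand-alone C model in which the length callback only ever reads the 4-byte little-endian length at a PDU start, and a short segment is buffered rather than re-parsed. The names stream_t, feed and make_pdu are hypothetical, get_pdu_len here takes a raw buffer instead of a tvbuff, and MESSAGE_HEADER_SIZE = 4 is an assumption because the thread does not give its value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MESSAGE_HEADER_SIZE 4u  /* assumed: the header is just the 4-byte length */

/* Length callback: reads the little-endian length at a PDU start, nothing else. */
static uint32_t get_pdu_len(const uint8_t *b, size_t off) {
    uint32_t body = b[off] | (uint32_t)b[off + 1] << 8 |
                    (uint32_t)b[off + 2] << 16 | (uint32_t)b[off + 3] << 24;
    return body + MESSAGE_HEADER_SIZE;
}

typedef struct { uint8_t buf[1024]; size_t have; uint32_t last_len; } stream_t;

/* Feed one TCP segment; returns how many complete PDUs became available. */
static unsigned feed(stream_t *s, const uint8_t *seg, size_t n) {
    unsigned done = 0;
    size_t off = 0;
    if (n > sizeof s->buf - s->have) return 0;    /* demo limit: drop oversize input */
    memcpy(s->buf + s->have, seg, n);
    s->have += n;
    while (s->have - off >= MESSAGE_HEADER_SIZE) {
        uint32_t plen = get_pdu_len(s->buf, off);
        if (plen < MESSAGE_HEADER_SIZE) break;    /* length wrapped around: stop */
        if (s->have - off < plen) break;          /* short: wait, offset stays at PDU start */
        s->last_len = plen;
        off += plen;
        done++;
    }
    memmove(s->buf, s->buf + off, s->have - off); /* keep only the partial PDU */
    s->have -= off;
    return done;
}

/* Constructed sample: one 322-byte PDU, later split into 144 + 178 byte segments. */
static void make_pdu(uint8_t pdu[322]) {
    uint32_t body = 322 - MESSAGE_HEADER_SIZE;
    memset(pdu, 0xAB, 322);
    pdu[0] = body & 0xff; pdu[1] = body >> 8; pdu[2] = 0; pdu[3] = 0;
}

int main(void) {
    static stream_t s; uint8_t pdu[322];
    make_pdu(pdu);
    unsigned first = feed(&s, pdu, 144), second = feed(&s, pdu + 144, 178);
    printf("PDUs after 144 bytes: %u, after 322: %u (len %u)\n", first, second, (unsigned)s.last_len);
    printf("length read mid-message: %u\n", (unsigned)get_pdu_len(pdu, 144));
    return 0;
}
```

The last line of output shows what a length callback returns when it is handed the start of the continuation segment instead of the start of the PDU: payload bytes interpreted as a size.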

