Wireshark mailing list archives
Re: TCP dissect issue when app-level message spans multiple TCP packets
From: Graham Bloice <graham.bloice () trihedral com>
Date: Thu, 05 May 2011 17:15:15 +0100
On 05/05/2011 16:59, Fernandez, Rafael wrote:
All, I used to have a very simple get_message_tcpmessage_len. But most of the TCP packets would then say [TCP segment of a reassembled PDU]. I eliminated everything again. This is my current get_message_tcpmessage_len: guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int offset) { guint remaining = tvb_length_remaining(tvb, offset); guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE; if(last_size > remaining) { printf("not enough data: %d remaining: %d\n", last_size, remaining); } return last_size; } I get the following output in consecutive packets from host A to host B: not enough data: 322 remaining: 144 not enough data: 445080968 remaining: 1448 There are no 445080968 byte messages being sent, ever. It is that the dissector called by tcp_dissect_pdus gets a partial message. Clearly, it is not buffering the packets correctly. I *could* hack it together but I thought this is part of what tcp_dissect_pdus was supposed to do. BTW - I am using and compiling against 1.4.6. Thank you for your responses, Rafael
The types you are using to hold "remaining" and "last_size" might be an issue, tvb_length_remaining() returns a gint and tvb_get_letohl() returns a guint32. -- Regards, Graham Bloice
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: TCP dissect issue when app-level message spans multiple TCP packets, (continued)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Chris Maynard (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Fernandez, Rafael (May 05)
- Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets Chris Maynard (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Guy Harris (May 05)
- Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets John Sullivan (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Guy Harris (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Guy Harris (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Fernandez, Rafael (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Jeff Morriss (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Max Dmitrichenko (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Graham Bloice (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Guy Harris (May 05)
- Re: TCP dissect issue when app-level message spans multiple TCP packets Fernandez, Rafael (May 05)