Wireshark mailing list archives

Re: TCP dissect issue when app-level message spans multiple TCP packets


From: Graham Bloice <graham.bloice () trihedral com>
Date: Thu, 05 May 2011 17:15:15 +0100

On 05/05/2011 16:59, Fernandez, Rafael wrote:
All,

I used to have a very simple get_message_tcpmessage_len. But most of the TCP packets would then say [TCP segment of a reassembled PDU].
I eliminated everything again. This is my current get_message_tcpmessage_len:

guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
        guint remaining  = tvb_length_remaining(tvb, offset);
        guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE;
        if(last_size > remaining)
        {
                printf("not enough data: %d remaining: %d\n", last_size, remaining);
        }
        return last_size;
}

I get the following output in consecutive packets from host A to host B:

not enough data: 322 remaining: 144
not enough data: 445080968 remaining: 1448

There are no 445080968 byte messages being sent, ever. It is that the dissector called by tcp_dissect_pdus gets a partial message. Clearly, it is not buffering the packets correctly. I *could* hack it together but I thought this is part of what tcp_dissect_pdus was supposed to do.
BTW - I am using and compiling against 1.4.6.

Thank you for your responses,
Rafael

The types you are using to hold "remaining" and "last_size" might be an issue,
tvb_length_remaining() returns a gint and tvb_get_letohl() returns a guint32.

-- 
Regards,

Graham Bloice
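
Added example, not part of the original thread and not Wireshark code: a stand-alone C sketch of the type point raised in the reply, keeping the remaining count signed and bounding the unsigned length field before the header size is added. The helper names, the header size of 4, the 1 MiB body limit and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MESSAGE_HEADER_SIZE 4u   /* assumed; the post does not give the value */
#define MAX_BODY_LEN (1u << 20)  /* hypothetical sanity limit for the protocol */

/* Stand-in for tvb_get_letohl(): little-endian 32-bit read, unsigned result. */
static uint32_t get_letohl(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* What storing a signed count (a gint) in an unsigned variable does. */
static uint32_t as_unsigned(int remaining)
{
    return (uint32_t)remaining;
}

/* The arithmetic from the post: 32-bit unsigned add, wraps silently. */
static uint32_t pdu_len_unchecked(const uint8_t *buf)
{
    return get_letohl(buf) + MESSAGE_HEADER_SIZE;
}

/* Full PDU length (header + body), or -1 if the field cannot be read
 * or holds an implausible value. remaining stays signed. */
static long long pdu_len_checked(const uint8_t *buf, int remaining)
{
    if (remaining < 4)           /* also rejects negative counts */
        return -1;
    uint32_t body = get_letohl(buf);
    if (body > MAX_BODY_LEN)     /* bounded first, so the add cannot wrap */
        return -1;
    return (long long)body + MESSAGE_HEADER_SIZE;
}

/* Constructed inputs. hdr_mid is chosen so that, with the assumed header
 * size, the unchecked sum equals the 445080968 printed in the post. */
static const uint8_t hdr_ok[4]   = { 0x3E, 0x01, 0x00, 0x00 };
static const uint8_t hdr_wrap[4] = { 0xFE, 0xFF, 0xFF, 0xFF };
static const uint8_t hdr_mid[4]  = { 0x84, 0x65, 0x87, 0x1A };

int main(void)
{
    printf("-1 stored unsigned: %u\n", (unsigned)as_unsigned(-1));
    printf("unchecked: %u %u\n", (unsigned)pdu_len_unchecked(hdr_wrap),
           (unsigned)pdu_len_unchecked(hdr_mid));
    printf("checked: %lld %lld\n", pdu_len_checked(hdr_ok, 144),
           pdu_len_checked(hdr_mid, 1448));
    return 0;
}
```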

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>