Ethereal-dev: Re: [Ethereal-dev] Need help with protocol that spans multiple TVBs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Herbert Falk" <herb@xxxxxxxxxxxx>
Date: Fri, 16 Apr 2004 14:26:54 -0400
Guy, Sid:

I am in the process of moving to 0.10.3. I am back in the office, and the "reassembly" problem (previously sent trace) is TP0 traffic. I looked in the ISO spec and the spec itself mandates to always send a Seq=0.

Thus, except for out-of-sequence packets, I believe for TP2-TP4 the current code is OK.

The issue is TP0. I am willing to work on a fix. Guidance is desired. TP0 is only used (in the industry) over TCP. This means if the TCP/TPKT dissectors only call the "TP0" dissector appropriately (e.g. with TCP packets/octets properly ordered) there will be no out-of-sequence TP0 packets to deal with in the dissector.
Is this the way the TCP/TPKT dissectors operate?

If TRUE, then I would suggest creating a TP0 dissector function module (basically a duplicate of the current COTP dissector) but using

"fragment_add_seq_next()"

The other mechanism would be to have knowledge in the current COTP dissector about which dissector called it (e.g. TPKT or CLNP). If this knowledge is available, this would obviously be the simplest and least amount of code.

What mechanism would you two like me to use?


In regards to the CL Transport, Session, and Presentation: I will merge my changes as needed into the current 10.3 modules. I will also need to change ACSE to properly interpret the ACSE-authentication field and decode an X.509 certificate. Do either of you know if there is a certificate decode already in Ethereal? If so, please provide me a pointer.

Thanks for your help and assistance. I look forward to getting this all working and submitting the changes for the next release.


Guy Harris wrote:

On Tue, Apr 13, 2004 at 07:18:31AM +0000, Sid Sid wrote:
I'm afraid the COTP reassembly code does not work correctly this way.

Yes, that's precisely what I was saying - the COTP reassembly code is
*not* correct.



--
Herbert Falk
SISCO
6605 19-1/2 Mile Road
Sterling Heights, MI 48314
Ph: 586-254-0020
Fx:  586-254-0053

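The TP0 problem described in the message above, as an added example that is not part of the original post and not Ethereal's code: when every DT TPDU carries sequence number 0, reassembly keyed on the sequence number loses data, while arrival-order appending (the idea behind the fragment_add_seq_next() suggestion) recovers the full TSDU. It assumes RFC 1006 TPKT framing and the class 0 DT TPDU layout (LI, 0xF0, TPDU-NR/EOT octet); all function names and the sample stream are constructed for illustration.

```python
import struct

def tpkt_payloads(stream):
    """Split an in-order TCP byte stream into TPKT payloads (RFC 1006)."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 4:
            raise ValueError("truncated TPKT header")
        version, _, length = struct.unpack_from("!BBH", stream, off)
        if version != 3 or length < 4 or off + length > len(stream):
            raise ValueError("bad TPKT version or length")
        yield stream[off + 4:off + length]
        off += length

def parse_tp0_dt(tpdu):
    """Return (seq, eot, data) for a class 0 DT TPDU: LI, 0xF0, NR/EOT octet."""
    if len(tpdu) < 3 or tpdu[0] < 2 or tpdu[0] + 1 > len(tpdu) or tpdu[1] != 0xF0:
        raise ValueError("not a well-formed TP0 DT TPDU")
    return tpdu[2] & 0x7F, bool(tpdu[2] & 0x80), tpdu[tpdu[0] + 1:]

def reassemble_by_seq(stream):
    """Simplified sequence-keyed reassembly: fragments are slotted by TPDU-NR."""
    done, slots = [], {}
    for tpdu in tpkt_payloads(stream):
        seq, eot, data = parse_tp0_dt(tpdu)
        slots[seq] = data              # TP0: seq is always 0, so this overwrites
        if eot:
            done.append(b"".join(slots[k] for k in sorted(slots)))
            slots = {}
    return done

def reassemble_in_order(stream):
    """Arrival-order reassembly: append each fragment until EOT is set."""
    done, buf = [], bytearray()
    for tpdu in tpkt_payloads(stream):
        _, eot, data = parse_tp0_dt(tpdu)
        buf += data
        if eot:
            done.append(bytes(buf))
            buf = bytearray()
    return done

def make_dt(data, eot):
    """Build one TPKT-framed TP0 DT TPDU with TPDU-NR = 0 (constructed sample)."""
    tpdu = bytes([2, 0xF0, 0x80 if eot else 0x00]) + data
    return struct.pack("!BBH", 3, 0, 4 + len(tpdu)) + tpdu

# Constructed sample: one TSDU split across three DT TPDUs, all with seq 0.
SAMPLE = make_dt(b"first-", False) + make_dt(b"second-", False) + make_dt(b"last", True)
```

The arrival-order version is only sound because TCP and TPKT hand over octets in order, which is the precondition the message asks about.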