ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Issue with dissector on top of TCP

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Juan Jose Martin Carrascosa <juanjo@xxxxxxx>
Date: Thu, 19 Mar 2015 16:29:30 +0100
Hi Anders,

Thanks for the prompt reply. I will give it a try.

Thanks again,
Juanjo

On Thu, Mar 19, 2015 at 4:23 PM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Juan Jose Martin Carrascosa
Sent: den 19 mars 2015 16:05
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Issue with dissector on top of TCP

 

Hi all,

 

I am writing a dissector on top of TCP (let's call it Wrapper). For a given TCP segment, I see that the payload length is 1460 bytes. Within those bytes, I have messages of my Wrapper protocol.  The message length of my protocol for those messages is 72 bytes.

 

This is, 20 x messages = 1440. The remainder is 20 bytes. And those 20 bytes are not being dissected nor used at all. (I have verified all this information). Those 20 messages are the beginning of a new Wrapper message, but the message is not completed in that segment.

 

The issue is that the next TCP segment starts 20 bytes later, and thus, it results in dissection errors since that packet, making Malformed Packets or not dissected packets almost everything.

 

I would need to know which is the proper way to let TCP know that those 20 bytes have to be used for the next segment. 

 

Do I have to do anything with the tvb? or on the other hand I have to play with the return value?

 

I have spent already a lot of hours on this and can't figure it out. I hope anyone has any advice for this.

 

Thanks,

Juanjo

 

See doc/README.dissector

 

2.7 Reassembly/desegmentation for protocols running atop TCP.

 

Section 2.7.1 Using tcp_dissect_pdus(). Should probably work for you. Grep for tcp_dissect_pdus in the sources to find multiple examples on how to use it…

 

Regards

Anders

 


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube