Wireshark mailing list archives

Re: TCP dissect issue when app-level message spans multiple TCP packets


From: Guy Harris <guy () alum mit edu>
Date: Thu, 5 May 2011 13:39:25 -0700


On May 5, 2011, at 1:06 PM, Chris Maynard wrote:

  Note, however, that you must fill in column information, create
  conversations, reassemble packets, build any other persistent state
  needed for dissection, and call subdissectors regardless of whether
  "tree" is NULL or not.  ...

I.e., there is *no* guarantee that, for all calls to the dissector for a TCP segment, pinfo->tcp_tree will be non-null.

If, for example, that's not the case in the first pass through the packets, when the capture file is being read, the behavior of TCP reassembly of the protocol will be incorrect, because the reassembly depends on *every* segment being handed to the dissector in order.

What should be done is:

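void dissect_for_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
        /* Called unconditionally, whether or not tree is NULL.
         * TRUE: reassemble messages that span TCP segments.
         * MESSAGE_HEADER_SIZE: bytes needed before
         * get_message_tcpmessage_len can compute the message length. */
        tcp_dissect_pdus(tvb, pinfo, tree, TRUE, MESSAGE_HEADER_SIZE,
                         get_message_tcpmessage_len, dissect_message_tcpmessage);
}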

and register that as the dissector for TCP and *ONLY* TCP, and have a separate dissector for UDP, and register that for UDP.

The two dissectors can possibly share common code; when running over UDP, is there one message per UDP datagram, with the messages looking exactly like the TCP messages?
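
Added example (not part of the original message and not Wireshark code): a stand-alone C model of the point above, showing that a dissector which skips segments when tree is NULL loses or mis-frames messages because the reassembly state never sees every segment in order. The 2-byte big-endian length header, the value of MESSAGE_HEADER_SIZE, the sample bytes and all function names are assumptions made for this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MESSAGE_HEADER_SIZE 2  /* assumed layout: 2-byte big-endian body length */

typedef struct { uint8_t buf[256]; size_t len; } stream_state;

/* Append one TCP segment to the per-conversation state; return the number of
   complete messages it finished. Leftover bytes wait for the next segment. */
static int feed_segment(stream_state *st, const uint8_t *seg, size_t n)
{
    int done = 0;
    if (n > sizeof st->buf - st->len) return -1;      /* model buffer full */
    memcpy(st->buf + st->len, seg, n);
    st->len += n;
    while (st->len >= MESSAGE_HEADER_SIZE) {
        size_t pdu = MESSAGE_HEADER_SIZE + (((size_t)st->buf[0] << 8) | st->buf[1]);
        if (st->len < pdu) break;                      /* spans into next segment */
        memmove(st->buf, st->buf + pdu, st->len - pdu);
        st->len -= pdu;
        done++;
    }
    return done;
}

/* Constructed sample: messages "hello" and "hi" split across three segments. */
static const uint8_t seg1[] = {0x00, 0x05, 'h', 'e'};
static const uint8_t seg2[] = {'l', 'l', 'o', 0x00};
static const uint8_t seg3[] = {0x02, 'h', 'i'};

/* has_tree[i]: whether segment i is dissected with a non-NULL tree.
   skip_without_tree != 0 models a dissector that returns early when tree is NULL. */
int messages_found(const int has_tree[3], int skip_without_tree)
{
    const uint8_t *segs[3] = {seg1, seg2, seg3};
    const size_t lens[3] = {sizeof seg1, sizeof seg2, sizeof seg3};
    stream_state st = {{0}, 0};
    int total = 0;
    for (int i = 0; i < 3; i++) {
        if (skip_without_tree && !has_tree[i]) continue;   /* state never built */
        int r = feed_segment(&st, segs[i], lens[i]);
        if (r < 0) return -1;
        total += r;
    }
    return total;
}

int main(void) { int none[3] = {0, 0, 0}; printf("%d %d\n", messages_found(none, 0), messages_found(none, 1)); return 0; }
```

In the skipping variant, missing only the middle segment still reports one "complete" message, but its body is the start of "hello" glued to the bytes of the next message, which is the kind of silent mis-dissection that is hard to spot in a capture.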
