Wireshark mailing list archives
reassembled PDU for lua dissector in case of a seq overrun
From: Strauß, Martin <MStrauss () MuellerBBM-vas de>
Date: Fri, 13 May 2016 15:12:57 +0000
Dear all,

I've written a lua dissector for a company-internal binary protocol. Usually it is capable of dissecting everything (if no packet is missing). I considered that one tcp packet may contain multiple PDUs, and also that a PDU may span multiple tcp packets.

However, now I have a 9 GB file in front of me, where the dissector stopped working in the middle of the file. As far as I can see, the problem is that the reassembling of PDUs does not work if the seq overruns.

The last successfully dissected PDU ends at its tcp packet end. The first not correctly processed PDU is transported in several tcp packets:

1. segment: Summary: [TCP segment of a reassembled PDU] (Seq: 4294911444 Len: 63712 my_PDU_size:135816)
2. segment: Summary: scp-config → 49998 [ACK] Seq=7860 Ack=18424 Win=63992 Len=1448 TSval=274170360 TSecr=16005993

=> The second segment should have been part of the reassembled PDU, however it does not contain a list of the reassembled TCP segments [x Reassembled TCP Segments ...] in the packet details. And the dissector receives a buffer containing only the content of the second segment.

It seems as if the overrun resets the reassembling of the PDU. Is this a bug, a known behavior? I guess it can't be a mistake in the lua dissector, as the reassembling fails, and even when I report a wrong PDU size it should add the first segment somewhere (which it doesn't).

Any ideas?

Mit freundlichen Grüßen | With best regards

Dr. Martin Strauß
Development-Department
Müller-BBM VibroAkustik Systeme GmbH
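As an added illustration (not part of the original post and not Wireshark's reassembly code), the sketch below checks the sequence arithmetic of the two segments quoted above: 4294911444 + 63712 wraps past 2^32 to 7860, so the second segment directly continues the first. It then reassembles the 135816-byte PDU once with wrap-aware offsets and once with a plain subtraction, which discards every segment after the wrap. All function names and the payload are constructed for this example; only the Seq, Len and PDU size values come from the post.

```python
# Added illustration: names are hypothetical; this is not Wireshark's code.
SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap to 0


def seq_offset(seq, base):
    """Distance from base forward to seq in 32-bit sequence space."""
    return (seq - base) % SEQ_MOD


def reassemble(segments, first_seq, pdu_len, wrap_aware=True):
    """Return the PDU if the segments cover it completely, else None."""
    buf = bytearray(pdu_len)
    seen = bytearray(pdu_len)  # per-byte coverage, tolerates retransmissions
    for seq, payload in segments:
        off = seq_offset(seq, first_seq) if wrap_aware else seq - first_seq
        if off < 0 or off >= pdu_len:
            continue  # segment judged to lie outside this PDU
        chunk = payload[:pdu_len - off]
        buf[off:off + len(chunk)] = chunk
        seen[off:off + len(chunk)] = b"\x01" * len(chunk)
    return bytes(buf) if seen.count(1) == pdu_len else None


def make_segments(first_seq, pdu, first_len, mss):
    """Split pdu into one first_len segment followed by mss-sized ones."""
    segs, off, size = [], 0, first_len
    while off < len(pdu):
        segs.append(((first_seq + off) % SEQ_MOD, pdu[off:off + size]))
        off += size
        size = mss
    return segs


# Seq, Len and PDU size as quoted in the post; the payload is constructed.
FIRST_SEQ, FIRST_LEN, PDU_LEN, MSS = 4294911444, 63712, 135816, 1448
PDU = bytes(i % 251 for i in range(PDU_LEN))
SEGMENTS = make_segments(FIRST_SEQ, PDU, FIRST_LEN, MSS)

if __name__ == "__main__":
    print("second segment seq:", SEGMENTS[1][0])
    print("wrap-aware ok:", reassemble(SEGMENTS, FIRST_SEQ, PDU_LEN) == PDU)
    print("linear result:", reassemble(SEGMENTS, FIRST_SEQ, PDU_LEN, False))
```
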