Wireshark mailing list archives
Re: TCP reassembly fails when ethernet tunnled over TCP
From: Anders Broman <a.broman58 () gmail com>
Date: Mon, 15 Nov 2021 16:20:06 +0100

Hi,

How about having an array of "address information" where each level puts its address info, and then a "current IP layer" index variable which the "tunnel protocol" can set when calling the tunneled protocol(s) and re-set when returning. In that way the TCP protocol would get the correct IP for the layer it operates on. With this structure we would also have MAC addresses etc. accessible from higher layers if needed.

Regards
Anders

On Fri, 12 Nov 2021 at 14:11, John Thacker <johnthacker () gmail com> wrote:

> Yes, this is a long-standing problem:
> https://gitlab.com/wireshark/wireshark/-/issues/2345 and
> https://gitlab.com/wireshark/wireshark/-/issues/9782, among others, are examples of the same generic problem.
>
> The entire packet_info [dl_|net_]{src, dst} structure doesn't work very well for tunnelled packets, especially those containing the same protocol in the outer layers as well as inside the tunnel. The endpoints API is supposed to help, but the TCP dissector doesn't use it, and it would still have to be changed for multiple protocols of the same type; see Michael Mann's comment on #2345.
>
> John
>
> On Fri, Nov 12, 2021 at 7:57 AM Anders Broman via Wireshark-dev <wireshark-dev () wireshark org> wrote:
>
> > Hi,
> >
> > We have a proprietary protocol sending usually small frames mixed with larger tunneled ethernet frames over TCP. If we then have a TCP segment where the ethernet frame spans 2 segments, reassembly fails, presumably because pinfo does not have the IP address of the TCP segment.
> >
> > I think we would need a way to create a new pinfo structure for the tunneled frame? How to do that or some other way to solve the problem?
> >
> > In our case we only have ethernet and a vlan tag then our protocol again, so we “fixed” that by dissecting those bytes in the internal dissector. But I think it may be a generic problem for tunneling that may deserve a proper fix.
> >
> > tcp_dissect_pdus() is used
> >
> > Regards
> > Anders

___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
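
The per-layer address array with a "current IP layer" index proposed in the reply above, as an added example that is not part of the thread and not Wireshark code. All types and function names (`pkt_ctx`, `ip_layer`, `tunnel_call_inner`, the key functions) are hypothetical, and the single `flat` slot is a simplified stand-in for today's pinfo src/dst fields.

```c
#include <stdint.h>
#define MAX_LAYERS 8

/* Hypothetical model types, not Wireshark's packet_info. */
typedef struct { uint32_t src, dst; } addr_pair;
typedef struct {
    addr_pair flat;               /* one slot, overwritten by every layer */
    addr_pair layers[MAX_LAYERS]; /* proposed: one entry per layer */
    int n_layers;
    int cur;                      /* proposed "current IP layer" index */
} pkt_ctx;

/* An IP-like layer records its addresses in both models. */
static int ip_layer(pkt_ctx *p, uint32_t src, uint32_t dst) {
    if (p->n_layers == MAX_LAYERS) return -1;   /* nesting too deep */
    p->flat = (addr_pair){src, dst};
    p->layers[p->n_layers] = (addr_pair){src, dst};
    p->cur = p->n_layers++;
    return p->cur;
}

/* Tunnel protocol: dissect the inner frame, then re-set the index. */
static int tunnel_call_inner(pkt_ctx *p, uint32_t src, uint32_t dst) {
    int saved = p->cur;
    int rc = ip_layer(p, src, dst);  /* inner IP header is dissected here */
    p->cur = saved;                  /* outer TCP is current again */
    return rc;
}

/* Address part of the reassembly key the outer TCP layer would compute. */
static uint64_t key(addr_pair a) { return ((uint64_t)a.src << 32) | a.dst; }
uint64_t flat_key(const pkt_ctx *p)    { return key(p->flat); }
uint64_t layered_key(const pkt_ctx *p) { return key(p->layers[p->cur]); }

/* Constructed sample: outer 10.0.0.1 -> 10.0.0.2, inner 192.168.1.1 -> .2.
 * Returns 1 when only the layered key still matches the outer TCP stream. */
int demo(uint64_t *flat, uint64_t *layered) {
    pkt_ctx p = {0};
    ip_layer(&p, 0x0A000001u, 0x0A000002u);
    uint64_t outer = layered_key(&p);
    tunnel_call_inner(&p, 0xC0A80101u, 0xC0A80102u);
    *flat = flat_key(&p);
    *layered = layered_key(&p);
    return *layered == outer && *flat != outer;
}

int main(void) {
    uint64_t f, l;
    return demo(&f, &l) ? 0 : 1;
}
```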
Current thread:
- TCP reassembly fails when ethernet tunnled over TCP Anders Broman via Wireshark-dev (Nov 12)
- Re: TCP reassembly fails when ethernet tunnled over TCP John Thacker (Nov 12)
- Re: TCP reassembly fails when ethernet tunnled over TCP Anders Broman (Nov 15)