On 05/05/2011 16:00, Chris Maynard wrote: > Fernandez, Rafael <Rafael.Fernandez@...> writes: > >> I am writing a dissector plugin and I am using tcp_dissect_pdus in order to > reassemble packets. However, I >> am experiencing issues when there are multiple application layer messages in > one packet and the last one >> is not complete. Specifically, I have 5 messages in one TCP packet. There are > 5 calls to the get_pdu_len >> function and four calls to the dissect_pdu function. Since there is not >> enough > data in the current >> tvbuff_t, tcp_dissect_pdus returns. When dissect_message is called again, the > beginning of the >> message is lost. When get_pdu_len gets called again it reads a garbage size. >> >> Per >> https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html, > I thought that >> tcp_dissect_pdus is supposed to handle this. I can't find example code in any > dissector in >> /epan/dissectors/* that handles this unlike I am. Am I missing something? >> >> This is part of my code: >> >> void dissect_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) >> { >> if(pinfo->tcp_tree != NULL) { >> tcp_dissect_pdus(tvb, pinfo, tree, TRUE, MESSAGE_HEADER_SIZE, >> get_message_tcpmessage_len, > dissect_message_tcpmessage); >> } >> else { >> // For UDP just print the data for now. >> call_dissector(data_handle, tvb, pinfo, tree); >> } >> } >> >> guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int >> offset) >> { >> if(tvb_length_remaining(tvb, offset) <= 8) >> return 0; >> >> gint32 size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE; >> gint32 type = tvb_get_letohl(tvb, offset+4); >> printf("Len: %u type %d\n", size, type); >> if(strcmp(typeAsString(type), "Unknown") == 0) >> { >> return tvb_length_remaining(tvb, offset); >> } >> return size; >> } > I don't think your get_message_tcpmessage_len() function is coded correctly. > It > looks like you're trying to do some heuristics in there when all you really > should be doing is returning the length of your PDU. In your case, it looks > like the length field is the 1st 4-bytes of the header, so I think you should > probably just be doing something like this: > > if(pinfo->tcp_tree != NULL) { > tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 4, > get_message_tcpmessage_len, > dissect_message_tcpmessage); > } > > (NOTE: Here, you could use MESSAGE_HEADER_SIZE instead of 4, but you really > only > need the 1st 4 bytes to determine the length of the entire PDU.) > > guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int > offset) > { > return tvb_get_letohl(tvb, offset) + MESSAGE_HEADER_SIZE; > } > > > The get_message_tcpmessage_len function should also check that there are enough bytes in the passed in tvb to call tvb_get_letohl(), as the OP's code did.
-- Regards, Graham Bloice
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
