On Tue, Aug 11, 2020, 06:08 chuck c <bubbas...@gmail.com> wrote:
> There seems to be an extra call to dissect_dcm_tag() in Wireshark before > sop_class_uid and sop_instance_uid are needed in > dcm_export_create_object(). > > In tshark they are null so fail the test of containing data and > boilerplate values are put in. > > This started with a question about number of exported objects: > > https://ask.wireshark.org/question/18322/dicom-object-extraction-discrepancy-between-tshark-and-wireshark/ > > Maybe cleaning things up so that the UIDs match in exports from wireshark > and tshark will also fix file exports? > > > dcm_export_create_object(packet_info *pinfo, dcm_state_assoc_t *assoc, > dcm_state_pdv_t *pdv) > > -------------------------------------------------------------------------------------------- > tshark_debug("is_storage = %d", pdv->is_storage); > tshark_debug("packet = %d", pinfo->num); > tshark_debug("sop_class_uid = %s", pdv_curr->sop_class_uid); > tshark_debug("sop_instance_uid = %s", pdv_curr->sop_instance_uid); > > if (pdv->is_storage && > pdv_curr->sop_class_uid && strlen(pdv_curr->sop_class_uid)>0 && > pdv_curr->sop_instance_uid && > strlen(pdv_curr->sop_instance_uid)>0) { > > > dissect_dcm_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, > > -------------------------------------------------------------------------------------------- > /* ------------------------------------------------------------- > We have decoded the value. Now store those tags of interest > ------------------------------------------------------------- > */ > > /* Store SOP Class and Instance UID in first PDV of this object */ > if (grp == 0x0008 && elm == 0x0016) { > dcm_state_pdv_get_obj_start(pdv)->sop_class_uid = > wmem_strdup(wmem_file_scope(), tag_value); > tshark_debug("dissect_dcm_tag() set sop_class_uid = %s", > dcm_state_pdv_get_obj_start(pdv)->sop_class_uid); > } > else if (grp == 0x0008 && elm == 0x0018) { > dcm_state_pdv_get_obj_start(pdv)->sop_instance_uid = > wmem_strdup(wmem_file_scope(), tag_value); > tshark_debug("dissect_dcm_tag() set sop_instance_uid = %s", > dcm_state_pdv_get_obj_start(pdv)->sop_instance_uid); > } > else if (grp == 0x0000 && elm == 0x0100) { > /* This is the command tag -> overwrite existing PDV > description */ > pdv->desc = wmem_strdup(wmem_file_scope(), tag_value); > } > > admin1@ubuntu1:~/wireshark/build/run$ ./tshark -v > > ** (process:26290): WARNING **: 22:52:05.703: tshark started with 2 args > > ** (process:26290): WARNING **: 22:52:06.003: tshark reading settings > TShark (Wireshark) 3.2.3 (Git commit f39b50865a13) > > Copyright 1998-2020 Gerald Combs <ger...@wireshark.org> and contributors. > License GPLv2+: GNU GPL version 2 or later < > https://www.gnu.org/licenses/gpl-2.0.html> > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > > Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with > libnl 3, > with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, > with Lua > 5.2.4, with GnuTLS 3.5.18 and PKCS #11 support, with Gcrypt 1.8.1, with MIT > Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, with brotli, with > LZ4, > with Zstandard, with Snappy, with libxml2 2.9.10. > > Running on Linux 4.15.0-112-generic, with Intel(R) Xeon(R) CPU > E5645 > @ 2.40GHz (with SSE4.2), with 3944 MB of physical memory, with locale > en_US.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt > 1.8.1, > with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (0 loaded). > > Built using gcc 7.5.0. > admin1@ubuntu1:~/wireshark/build/run$ > > > admin1@ubuntu1:~/wireshark/build/run$ ./tshark -2 -r ../../*cap > --export-objects dicom,. -q 2>&1 | grep -i = | more > ** (process:26252): WARNING **: 22:50:50.454: tshark: do_dissection = FALSE > ** (process:26252): WARNING **: 22:50:50.456: tshark: > perform_two_pass_analysis, do_dissection=TRUE > ** (process:26252): WARNING **: 22:50:50.456: tshark: create_proto_tree = > FALSE > ** (process:26252): WARNING **: 22:50:50.468: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.468: packet = 585 > ** (process:26252): WARNING **: 22:50:50.468: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.468: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.468: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.468: packet = 588 > ** (process:26252): WARNING **: 22:50:50.468: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.468: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.470: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.470: packet = 649 > ** (process:26252): WARNING **: 22:50:50.470: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.470: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.519: is_storage = 1 > ** (process:26252): WARNING **: 22:50:50.519: packet = 2804 > ** (process:26252): WARNING **: 22:50:50.519: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.519: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.521: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.521: packet = 2808 > ** (process:26252): WARNING **: 22:50:50.521: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.521: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.521: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.521: packet = 2810 > ** (process:26252): WARNING **: 22:50:50.521: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.521: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.521: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.521: packet = 2815 > ** (process:26252): WARNING **: 22:50:50.521: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.521: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.533: tshark: create_proto_tree = > TRUE > ** (process:26252): WARNING **: 22:50:50.579: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.579: packet = 585 > ** (process:26252): WARNING **: 22:50:50.579: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.579: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.580: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.580: packet = 588 > ** (process:26252): WARNING **: 22:50:50.580: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.580: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.585: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.585: packet = 649 > ** (process:26252): WARNING **: 22:50:50.585: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.585: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.746: is_storage = 1 > ** (process:26252): WARNING **: 22:50:50.746: packet = 2804 > ** (process:26252): WARNING **: 22:50:50.746: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.746: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.747: dissect_dcm_tag() set > sop_class_uid = 1.2.840.10008.5.1.4.1.1.7 (Secondary Capture Image Stora > ge) > ** (process:26252): WARNING **: 22:50:50.747: dissect_dcm_tag() set > sop_instance_uid = 1.2.276.0.7230010.3.1.4.341615093.12584.1428680298.84 > 5 > ** (process:26252): WARNING **: 22:50:50.748: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.748: packet = 2808 > ** (process:26252): WARNING **: 22:50:50.748: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.748: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.749: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.749: packet = 2810 > ** (process:26252): WARNING **: 22:50:50.749: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.749: sop_instance_uid = (null) > ** (process:26252): WARNING **: 22:50:50.749: is_storage = 0 > ** (process:26252): WARNING **: 22:50:50.749: packet = 2815 > ** (process:26252): WARNING **: 22:50:50.749: sop_class_uid = (null) > ** (process:26252): WARNING **: 22:50:50.749: sop_instance_uid = (null) > admin1@ubuntu1:~/wireshark/build/run$ > > > admin1@ubuntu1:~/wireshark/build/run$ ./wireshark -v > Wireshark 3.2.3 (Git commit f39b50865a13) > > Copyright 1998-2020 Gerald Combs <ger...@wireshark.org> and contributors. > License GPLv2+: GNU GPL version 2 or later < > https://www.gnu.org/licenses/gpl-2.0.html> > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > > Compiled (64-bit) with Qt 5.9.5, with libpcap, with POSIX capabilities > (Linux), > with libnl 3, with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with > c-ares > 1.14.0, with Lua 5.2.4, with GnuTLS 3.5.18 and PKCS #11 support, with > Gcrypt > 1.8.1, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.30.0, > with > brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.10, with > QtMultimedia, without automatic updates, with SpeexDSP (using system > library), > with SBC, with SpanDSP, without bcg729. > > Running on Linux 4.15.0-112-generic, with Intel(R) Xeon(R) CPU > E5645 > @ 2.40GHz (with SSE4.2), with 3944 MB of physical memory, with locale > en_US.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt > 1.8.1, > with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (0 loaded). > > Built using gcc 7.5.0. > admin1@ubuntu1:~/wireshark/build/run$ ./wireshark > 22:53:10.495 Warn dissect_dcm_tag() set sop_class_uid = > 1.2.840.10008.5.1.4.1.1.7 (Secondary Capture Image Storage) > 22:53:10.495 Warn dissect_dcm_tag() set sop_instance_uid = > 1.2.276.0.7230010.3.1.4.341615093.12584.1428680298.845 > 22:53:15.992 Warn is_storage = 0 > 22:53:15.992 Warn packet = 585 > 22:53:15.992 Warn sop_class_uid = (null) > 22:53:15.992 Warn sop_instance_uid = (null) > 22:53:15.992 Warn is_storage = 0 > 22:53:15.992 Warn packet = 588 > 22:53:15.992 Warn sop_class_uid = (null) > 22:53:15.992 Warn sop_instance_uid = (null) > 22:53:15.994 Warn is_storage = 0 > 22:53:15.994 Warn packet = 649 > 22:53:15.994 Warn sop_class_uid = (null) > 22:53:15.994 Warn sop_instance_uid = (null) > 22:53:16.043 Warn is_storage = 1 > 22:53:16.043 Warn packet = 2804 > 22:53:16.043 Warn sop_class_uid = 1.2.840.10008.5.1.4.1.1.7 > (Secondary Capture Image Storage) > 22:53:16.043 Warn sop_instance_uid = > 1.2.276.0.7230010.3.1.4.341615093.12584.1428680298.845 > 22:53:16.045 Warn is_storage = 0 > 22:53:16.045 Warn packet = 2808 > 22:53:16.045 Warn sop_class_uid = (null) > 22:53:16.045 Warn sop_instance_uid = (null) > 22:53:16.045 Warn is_storage = 0 > 22:53:16.045 Warn packet = 2810 > 22:53:16.045 Warn sop_class_uid = (null) > 22:53:16.045 Warn sop_instance_uid = (null) > 22:53:16.045 Warn is_storage = 0 > 22:53:16.045 Warn packet = 2815 > 22:53:16.045 Warn sop_class_uid = (null) > 22:53:16.045 Warn sop_instance_uid = (null) > 22:53:16.111 Warn is_storage = 1 > 22:53:16.111 Warn packet = 2804 > 22:53:16.111 Warn sop_class_uid = 1.2.840.10008.5.1.4.1.1.7 > (Secondary Capture Image Storage) > 22:53:16.111 Warn sop_instance_uid = > 1.2.276.0.7230010.3.1.4.341615093.12584.1428680298.845 > 22:53:16.113 Warn dissect_dcm_tag() set sop_class_uid = > 1.2.840.10008.5.1.4.1.1.7 (Secondary Capture Image Storage) > 22:53:16.113 Warn dissect_dcm_tag() set sop_instance_uid = > 1.2.276.0.7230010.3.1.4.341615093.12584.1428680298.845 > Gtk-Message: 22:53:25.655: GtkDialog mapped without a transient parent. > This is discouraged. > admin1@ubuntu1:~/wireshark/build/run$ > > > On Mon, Aug 10, 2020 at 10:03 PM chuck c <bubbas...@gmail.com> wrote: > >> I think I muddied that waters asking about two-pass and export objects. >> >> The tshark export (with or without -2) works in versions 2.6 and 3.0. >> Something changed in 3.2 such that wireshark produces a good file and the >> tshark export doesn't match. >> >> Pretty much in over my head as to whether to look in tshark.c, >> packet-dcm.c or somewhere else. >> Was hoping to narrow things down before moving this to Bugzilla. >> >> On Mon, Aug 10, 2020 at 9:30 PM Guy Harris <ghar...@sonic.net> wrote: >> >>> On Aug 10, 2020, at 6:00 PM, John Thacker <johnthac...@gmail.com> wrote: >>> >>> > On Mon, Aug 10, 2020 at 5:32 PM chuck c <bubbas...@gmail.com> wrote: >>> >> tshark --export-objects dicom is behaving differently than exporting >>> Dicom objects in Wireshark. >>> >> >>> >> Is the "-2" option assumed to be set, observed if set or not used at >>> all for exporting objects with tshark? >>> > >>> > Having implemented Export Objects on a different custom TFTP-like >>> protocol, I experienced the same thing. >>> > >>> > With tshark, -2 is observed if set, and that can result in different >>> behavior. Generally more accurate information is obtained with two passes, >>> which is equivalent to Wireshark behavior. >>> >>> Generally, at least for packet dissection, the only thing you get if you >>> defer displaying packets until after the first pass is that you get to see >>> not only "this frame is dissected as a response to the packet dissected for >>> frame N" but also "this frame is dissected as a packet the response to >>> which is in frame M". There may be exceptions, but it's best to keep them >>> to a minimum. >>> >>> > There are certain protocols where single pass analysis just isn't >>> sufficient to determine all the data, and dissectors where some state >>> object is set, like packet-dcm.c, are a common case. >>> >>> If M < N, most protocols do not require data from packet N (at that >>> protocol layer) in order to process packet M; that even applies to >>> implementations that maintain state. The same applies to dissection; when >>> dissecting a packet, all state established by previous packets is available. >>> >>> What are some examples where you need information from *later* packets >>> to: >>> >>> dissect a packet completely; >>> >>> start constructing a file object? >>> >>> ___________________________________________________________________________ >>> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> >>> Archives: https://www.wireshark.org/lists/wireshark-dev >>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev >>> mailto:wireshark-dev-requ...@wireshark.org >>> ?subject=unsubscribe >> >> > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
