Wireshark-dev: Re: [Wireshark-dev] TCP Reassembly issues

From: "Didier" <dgautheron@xxxxxxxx>
Date: Sun, 8 Jul 2007 18:22:15 +0200
Hi,
On Fri, 06 Jul 2007 16:45:07 +0100, Graham Bloice wrote
> I'm still having issues with TCP reassembly when PDU's are split 
> across TCP segments.  This is a local build of r22258.

packet-dnp is doing strange and in my understanding wrong things with TCP
conversations. You can't hijack it that way for you own application layer
defragmentation.


Attached is a patch which will work, but only with your capture.

You have to understand that
1) file is first read sequentially (flag.visited is false) and you should only
create states then, otherwise something will leak and anyway there's no
guarantee that data will be there, ie when the user browses the packet list.

2) You should only use tcp or udp conversation for not mixing stuff from
unrelated hosts.

Without your protocol spec it's a bit of guessing but it seems there's no
sequence number at the application layer so you need to create one:

1) find the tcp/udp stream conv

2) If there's none attach a proto data with a new se_tree to it, one se_tree
per conversation, with the frame number as key and your own defragmentation
counter as data.

3) when flag.visited is false and tr_fir (?) is true increment your global
counter and store it in the se_tree.

4) now you can use se_tree_lookup32_le for finding the sequence number of a
packet. 

5) use fragment_add_seq_check as you already do with this sequence number.

Didier

=== modified file 'epan/dissectors/packet-dnp.c'
--- epan/dissectors/packet-dnp.c	2007-07-03 19:49:01 +0000
+++ epan/dissectors/packet-dnp.c	2007-07-08 01:46:27 +0000
@@ -2360,7 +2360,7 @@
         conv_data_ptr = NULL;
 
         /* if conversation found get the data pointer that you stored */
-        if (conversation && (!tr_fir || (conversation->setup_frame == pinfo->fd->num)))
+        if (conversation /* && (!tr_fir || (conversation->setup_frame == pinfo->fd->num))*/ )
           conv_data_ptr = (dnp3_conv_t*)conversation_get_proto_data(conversation, proto_dnp3);
 
         if (conv_data_ptr == NULL) {
@@ -2371,8 +2371,10 @@
           conv_data_ptr->conv_seq_number = seq_number++;
 
           /* create the conversation with your data pointer  */
+/*
           conversation = conversation_new(pinfo->fd->num,  &pinfo->src, &pinfo->dst, pinfo->ptype,
             pinfo->srcport, pinfo->destport, 0);
+*/            
           conversation_add_proto_data(conversation, proto_dnp3, (void *)conv_data_ptr);
         }
         conv_seq_number = conv_data_ptr->conv_seq_number;