Wireshark-dev: Re: [Wireshark-dev] Single TCP segment having multiple PDUs not working

From: Zongjun <qizongjun@xxxxxxxxx>
Date: Thu, 27 Sep 2007 18:41:49 -0700
Hi Didier and Guys,

I finally figured it out! The only change I need to do is change "offset += offset_thisRound; " to "offset = offset_thisRound". Actually I was using offset_thisRound for debugging information, to show how many bytes each time we consume. We can just remove offset_thisRound variable, and instead do:
offset = dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
This will also works!

Thanks for fast replies from you guys. Wireshark rocks!

Zongjun

On 9/27/07, Zongjun <qizongjun@xxxxxxxxx > wrote:
Hey Didier,

I put   " offset_thisRound = dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree); " after if(tree){...}, and IT WORKS! I can have multiple different PDUs in one segment! Amazing!

The only thing is now I get much frequenter cases of "malformed packet".

I don't understand your point #3. You mean put it outside if(tree){...}, or outside while (){...}

Here is my current code:
static void
dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
gint offset = 0; // always points to the front
gint available = 0; // how many bytes still available to consume
gint offset_thisRound = 0;
while((available = tvb_reported_length_remaining (tvb, offset)) > 0)
    {
      printf("available = %d\n", available);
                                                                                                                                                            
      /* make entry in the Protocol column on summary display */
      if (check_col(pinfo->cinfo, COL_PROTOCOL))
        col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
                                                                                                                                                            
      /* create the myproto protocol tree */
      if (tree) {
        myproto_item = proto_tree_add_item(tree, proto_myproto, tvb, offset, -1, FALSE);
        myproto_tree = proto_item_add_subtree(myproto_item, ett_myproto);
      }
      offset_thisRound = dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
      offset += offset_thisRound;                                                                                                            
   } //while:
}



On 9/27/07, Didier < dgautheron@xxxxxxxx> wrote:
On Thu, 27 Sep 2007 13:13:17 -0700, Zongjun wrote
> On 9/27/07, Zongjun <qizongjun@xxxxxxxxx > wrote:
Hey Didier,
>
> You mean like

>
>          gint  offset_thisRound = 0; // of course, outside if(tree) block.
>
>
  if (tree) {
>          myproto_item = proto_tree_add_item(tree, proto_myproto, tvb, offset, -1, FALSE);
>          myproto_tree = proto_item_add_subtree(myproto_item, ett_myproto);
>
        offset_thisRound = dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
>
       }
>    offset += offset_thisRound;

>

> I tried but still the same result.
No you have to:
1) compute
offset_thisRound outside 'if (tree)' otherwise you'll get and endless loop if tree is null, if you unset coloring and reload the file for example.

2)
call dissect_MyProtoMessage_PDU with the new offset.
while(...) {
offset_thisRound = dissect_MyProtoMessage_PDU(tvb,pinfo,offset, tree);
offset +=
offset_thisRound;
}

3) IMO
myproto_item = proto_tree_add_item(tree, proto_myproto, tvb, offset, -1, FALSE); should be outside the loop, inside it breaks the protocol hierarchy statistic.


Thanks,
Zongjun

>


>
> On 9/27/07, Didier <dgautheron@xxxxxxxx> wrote:

>
> Hi
> On Thu, 27 Sep 2007 12:02:32 -0700, Zongjun wrote

>
> Hey guys,
> >
> > According to my capture, I don't have situations where ONE PDU spans over multiple TCP segment. In stead, mine is the other round: Single segment having multiple PDUs.
> >
> > But using the folling code, what I observed is wireshark did put multiple PDU info inside the Detail Window after TCP, however these PDUs are always the same. But in the bottom hexdump window, they are definitely from different PDU.
> >
> > I noticed there has been a similar issue before Wireshark-dev: Re: [Wireshark-dev] Dissect multiple PDUs in one TCP Segment.
> > But again, it is not for single segment having multiple PDU.
> >
> > Anyone see the same issue?
> >
> > Thanks,
> > Zongjun
> >
> > static void
> > dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
> > {
> > gint offset = 0; // always points to the front
> > gint available = 0; // how many bytes still available to consume
> >
> > while((available = tvb_reported_length_remaining(tvb, offset)) > 0)
> >     {
> >       printf("available = %d\n", available);
> >                                                                                                                                                                        
> >       /* make entry in the Protocol column on summary display */
> >       if (check_col(pinfo->cinfo, COL_PROTOCOL))
> >          col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
> >                                                                                                                                                                        
> >       /* create the myproto protocol tree */
> >       if (tree) {
>
> >          myproto_item = proto_tree_add_item(tree, proto_myproto, tvb, offset, -1, FALSE);
> >                                                                                                                                                                        
> >         myproto_tree = proto_item_add_subtree(myproto_item, ett_myproto);
> >
> >          offset += dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
>
offset computation should always be outside  if (tree) block .
> >                                                                                                                                                                        
> >       }
> >       printf("offset = %d\n", offset);
> >                                                                                                                                                                        
> >       if(tvb_reported_length_remaining(tvb, offset) > 0)
> >         {
> >            printf("haha, we get a multiple PDU. \n");
> >         }
> >    } //while:
> > }
>
>

> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>

>

> --
> Thanks,
> Zongjun

>

> --
> Thanks,
> Zongjun



_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev




--
Thanks,
Zongjun



--
Thanks,
Zongjun