Wireshark-dev: Re: [Wireshark-dev] TCP segmentation loss

From: "Christopher White (WTA)" <christopher.white@xxxxxxxxxxxxxxxxx>
Date: Thu, 04 Jun 2009 22:10:18 +0200
Hi Anders,
Hi All,

Thanks for that; I will keep that in mind. I will need to ask our client.

Presently, the dissector code contains very little logic:
There is the ASN.1 specification, a configuration file which comprises
a reference to the PDU, and a -template.c which has the basic
requirements as set out in the example under the Wireshark wiki pages.
Additionally we have added a get_msglen function as described in the
developer docu and included an implementation based on section 9.4.2
Reassembling TCP fragments.

Looking at some of the other ASN.1 dissector code, I see that there
seems to be more logic related to fragmentation reassembly.

Is this all that is required, to deal with  ?

Surely there are other dissectors which require the logic for dealing
with "TCP previous segment loss" or similar conditions, so I cannot
imagine that we are the first to be dealing with typical conditions such
as segment loss, or?


The sample trace which we are using to test the dissector is
based on a TCP stream in which a previous segment loss occurs. After the
event the dissector fails to decode the remaining PDUs correctly. It
seems to restart decoding at the onset of the subsequent segment
although the next segment begins in the middle of a PDU.

Any ideas?

Best regards,
Chris.


Anders Broman wrote:
> Hi,
> I think the TCP reassembly has problems with out-of-sequence messages.
> 
> Do you plan to submit your dissector to us? Which 3GPP protocol is it
> for? You could submit the asn1 .cnf template files etc. (e.g. the files
> that go in /asn1/xx/) to be worked on in the SVN tree; in that way we
> could see the code and comment on it.
> Regards
> Anders
> 
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Christopher
> White (WTA)
> Sent: den 4 juni 2009 09:29
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: [Wireshark-dev] TCP segmentation loss
> 
> Dear All,
> 
> I have recently been building a dissector for a 3GPP ASN.1 based
> protocol which uses a TCP based transport.
> 
> I have followed the developer's guide (9.4) relating to the re-assembly
> of fragments, and this seems to work fine.
> 
> However, after a TCP segment loss (I have the preference analyse tcp
> sequence no. switched on), the ASN.1 BER PDUs are no longer detected
> and decoded as expected. Somehow, synchronisation is lost. I presume
> this is due to the sequence of segments on the wire.
> 
> I am new to building Wireshark dissectors and with the ASN.1 tools. I
> presume there is some additional logic required in my dissector - would
> be very grateful if someone could point me in the right direction?
> 
> Best regards,
> Chris
> 
> ________________________________________________________________________
> ___
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>  
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
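
Added example, not part of the original thread and not Wireshark code: a stand-alone C sketch of the length calculation a `get_msglen`-style callback performs for BER-framed PDUs, showing how framing that restarts in the middle of a PDU after a lost segment reads content bytes as a header. The helper names and the byte stream are constructed for illustration; indefinite-length encodings and lengths above three octets are assumed to be out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: three back-to-back BER PDUs (5 + 7 + 5 bytes). */
static const uint8_t stream[] = {
    0x30, 0x03, 0x02, 0x01, 0x01,              /* SEQUENCE { INTEGER 1 } */
    0x30, 0x05, 0x04, 0x03, 0x41, 0x42, 0x43,  /* SEQUENCE { OCTET STRING "ABC" } */
    0x30, 0x03, 0x02, 0x01, 0x02               /* SEQUENCE { INTEGER 2 } */
};

/* Hypothetical helper: total TLV size (header + content) of the BER element at buf.
 * Returns 0 if the header is not yet complete, -1 for an unsupported length form. */
long ber_pdu_len(const uint8_t *buf, size_t avail)
{
    size_t off = 0, len = 0;
    if (avail < 2) return 0;
    if ((buf[off++] & 0x1f) == 0x1f)            /* high-tag-number form */
        do { if (off >= avail) return 0; } while (buf[off++] & 0x80);
    if (off >= avail) return 0;
    uint8_t first = buf[off++];
    if (!(first & 0x80)) return (long)(off + first);  /* short form */
    size_t n = first & 0x7f;                    /* long form: n length octets */
    if (n == 0 || n > 3) return -1;             /* indefinite or oversized */
    if (avail - off < n) return 0;
    while (n--) len = (len << 8) | buf[off++];
    return (long)(off + len);
}

/* Hypothetical helper: number of complete PDUs framed from the start of buf. */
int count_pdus(const uint8_t *buf, size_t len)
{
    int n = 0;
    size_t off = 0;
    while (off < len) {
        long l = ber_pdu_len(buf + off, len - off);
        if (l <= 0 || (size_t)l > len - off) break;  /* incomplete or invalid */
        off += (size_t)l;
        n++;
    }
    return n;
}

int main(void)
{
    printf("in sync: %d PDUs\n", count_pdus(stream, sizeof stream));
    printf("resumed 8 bytes in: claimed length %ld\n", ber_pdu_len(stream + 8, sizeof stream - 8));
    return 0;
}
```

Resuming at offset 8 lands on the content of the second PDU, so the bytes `03 41` are taken as a tag and a 65-byte length and the framer waits for data that belongs to later PDUs.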