Wireshark-dev: Re: [Wireshark-dev] q on catching error in sub-dissectors.

From: Christian Hopps <chopps@xxxxxxxxxx>
Date: Tue, 21 Jan 2020 20:11:00 -0500

João Valverde <joao.valverde@xxxxxxxxxxxxxxxxxx> writes:

On 21/01/20 16:06, João Valverde wrote:


On 21/01/20 16:01, Jeff Morriss wrote:
We've been having fun with multiple PDUs in a single IP frame with
SCTP for years.  While there's room for improvement it's worked
pretty well.

Maybe I didn't explain well, but that's completely different to
multiple IP packets encapsulated in a single frame. L4 multiplexing is
nothing new, I agree.



How would this protocol stack even look in the packet list? Surely it
can only display the outer IP header with ESP/IPTFS protocol? We already
have some issues to iron out with the much simpler case of IP over GRE
(bug 3791 for example).

One idea, and it's just that, I haven't studied the issue in depth,
would be using an IPTFS Cooked Capture DLT type.

I'm not versed well enough in wireshark yet to know what a "cooked capture DLT type" is, but I can show what I have now. :)

I still haven't stamped anything with "comes from" or "depends on", and I'd also like to have datablock summary lines include the actual size of that datablock data...

Basically I decode as:

- IPTFS
 - Header fields
 - Array of datablocks
 - Subtree of contained packets:
   - Array of Dissected IP packets
     - 1st packet is the completion of a fragmented packet if that happened.

You'll notice the final datablock doesn't have a packet (7 data blocks 6 packets), the first packet is the reconstructed packet from the first datablock which is the last of the fragments. The last datablock is the start of a new fragmented packet so that will appear later (the inner packet sizes are from an imix stream of 40, 576 and 1500 FWIW)

Here's the tshark output:

   Frame 8: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface 0
   [...]
   Ethernet II, Src: IntelCor_3c:08:29 (f8:f2:1e:3c:08:29), Dst: IntelCor_3c:09:b1 (f8:f2:1e:3c:09:b1)
   [...]
   Internet Protocol Version 4, Src: 13.13.13.11, Dst: 13.13.13.12
   [...]
       Source: 13.13.13.11
       Destination: 13.13.13.12
   Encapsulating Security Payload
       ESP SPI: 0x00000458 (1112)
       ESP Sequence: 8979
       ESP Pad Length: 0
       Next header: Unassigned (0x8f)
       NULL Authentication
           [Good: True]
           [Bad: False]
   IP Traffic Flow Security
       Flags: 0x0000, V: Not set, CC: Not set
           0... .... .... .... = V: Not set
           .0.. .... .... .... = CC: Not set
       Block Offset: 0x013a
       Data Block: 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 ...
       Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 81 10 00 00 22 ...
       Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 83 10 00 00 21 ...
       Data Block: 45 01 02 40 ff ff 00 00 3f 11 39 ab 10 00 00 01 ...
       Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 7d 10 00 00 24 ...
       Data Block: 45 00 00 28 00 01 00 00 3f 11 3b 7f 10 00 00 23 ...
       Data Block: 45 01 02 40 ff ff 00 00 3f 11 39 ab 10 00 00 01 ...
       Contained Packets
           Internet Protocol Version 4, Src: 16.0.0.42, Dst: 48.0.0.42
               0100 .... = Version: 4
               .... 0101 = Header Length: 20 bytes (5)
               Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
                   0000 00.. = Differentiated Services Codepoint: Default (0)
                   .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
               Total Length: 1500
               Identification: 0x0001 (1)
               Flags: 0x0000
                   0... .... .... .... = Reserved bit: Not set
                   .0.. .... .... .... = Don't fragment: Not set
                   ..0. .... .... .... = More fragments: Not set
                   ...0 0000 0000 0000 = Fragment offset: 0
               Time to live: 63
               Protocol: UDP (17)
               Header checksum: 0x35bd [validation disabled]
               [Header checksum status: Unverified]
               Source: 16.0.0.42
               Destination: 48.0.0.42
           User Datagram Protocol, Src Port: 21964, Dst Port: 13226
               Source Port: 21964
               Destination Port: 13226
               Length: 1480
               Checksum: 0xd039 [unverified]
               [Checksum Status: Unverified]
               [Stream index: 19]
           Data (1472 bytes)

   0000  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0010  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0020  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0030  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0040  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0050  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0060  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0070  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0080  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0090  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00c0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00d0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00e0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00f0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0100  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0110  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0120  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0130  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0140  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0150  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0160  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0170  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0180  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0190  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01c0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01d0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01e0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01f0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0200  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0210  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0220  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0230  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0240  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0250  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0260  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0270  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0280  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0290  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   02a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   02b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   02c0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   02d0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   02e0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   02f0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0300  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0310  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0320  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0330  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0340  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0350  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0360  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0370  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0380  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0390  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   03a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   03b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   03c0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   03d0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   03e0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   03f0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0400  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0410  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0420  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0430  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0440  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0450  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0460  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0470  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0480  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0490  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   04a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   04b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   04c0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   04d0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   04e0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   04f0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0500  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0510  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0520  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0530  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0540  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0550  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0560  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0570  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0580  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0590  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   05a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   05b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
               Data: 787878787878787878787878787878787878787878787878...
               [Length: 1472]
           Internet Protocol Version 4, Src: 16.0.0.34, Dst: 48.0.0.34
               0100 .... = Version: 4
               .... 0101 = Header Length: 20 bytes (5)
               Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
                   0000 00.. = Differentiated Services Codepoint: Default (0)
                   .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
               Total Length: 40
               Identification: 0x0001 (1)
               Flags: 0x0000
                   0... .... .... .... = Reserved bit: Not set
                   .0.. .... .... .... = Don't fragment: Not set
                   ..0. .... .... .... = More fragments: Not set
                   ...0 0000 0000 0000 = Fragment offset: 0
               Time to live: 63
               Protocol: UDP (17)
               Header checksum: 0x3b81 [validation disabled]
               [Header checksum status: Unverified]
               Source: 16.0.0.34
               Destination: 48.0.0.34
           User Datagram Protocol, Src Port: 21964, Dst Port: 13226
               Source Port: 21964
               Destination Port: 13226
               Length: 20
               Checksum: 0x6339 [unverified]
               [Checksum Status: Unverified]
               [Stream index: 20]
           Data (12 bytes)

   0000  78 78 78 78 78 78 78 78 78 78 78 78               xxxxxxxxxxxx
               Data: 787878787878787878787878
               [Length: 12]
           Internet Protocol Version 4, Src: 16.0.0.33, Dst: 48.0.0.33
               0100 .... = Version: 4
               .... 0101 = Header Length: 20 bytes (5)
               Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
                   0000 00.. = Differentiated Services Codepoint: Default (0)
                   .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
               Total Length: 40
               Identification: 0x0001 (1)
               Flags: 0x0000
                   0... .... .... .... = Reserved bit: Not set
                   .0.. .... .... .... = Don't fragment: Not set
                   ..0. .... .... .... = More fragments: Not set
                   ...0 0000 0000 0000 = Fragment offset: 0
               Time to live: 63
               Protocol: UDP (17)
               Header checksum: 0x3b83 [validation disabled]
               [Header checksum status: Unverified]
               Source: 16.0.0.33
               Destination: 48.0.0.33
           User Datagram Protocol, Src Port: 21964, Dst Port: 13226
               Source Port: 21964
               Destination Port: 13226
               Length: 20
               Checksum: 0x633b [unverified]
               [Checksum Status: Unverified]
               [Stream index: 21]
           Data (12 bytes)

   0000  78 78 78 78 78 78 78 78 78 78 78 78               xxxxxxxxxxxx
               Data: 787878787878787878787878
               [Length: 12]
           Internet Protocol Version 4, Src: 16.0.0.1, Dst: 48.0.0.1
               0100 .... = Version: 4
               .... 0101 = Header Length: 20 bytes (5)
               Differentiated Services Field: 0x01 (DSCP: CS0, ECN: ECT(1))
                   0000 00.. = Differentiated Services Codepoint: Default (0)
                   .... ..01 = Explicit Congestion Notification: ECN-Capable Transport codepoint '01' (1)
               Total Length: 576
               Identification: 0xffff (65535)
               Flags: 0x0000
                   0... .... .... .... = Reserved bit: Not set
                   .0.. .... .... .... = Don't fragment: Not set
                   ..0. .... .... .... = More fragments: Not set
                   ...0 0000 0000 0000 = Fragment offset: 0
               Time to live: 63
               Protocol: UDP (17)
               Header checksum: 0x39ab [validation disabled]
               [Header checksum status: Unverified]
               Source: 16.0.0.1
               Destination: 48.0.0.1
           User Datagram Protocol, Src Port: 21964, Dst Port: 13226
               Source Port: 21964
               Destination Port: 13226
               Length: 556
               Checksum: 0x412d [unverified]
               [Checksum Status: Unverified]
               [Stream index: 6]
           Data (548 bytes)

   0000  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0010  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0020  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0030  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0040  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0050  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0060  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0070  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0080  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0090  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00c0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00d0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00e0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   00f0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0100  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0110  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0120  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0130  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0140  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0150  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0160  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0170  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0180  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0190  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01a0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01b0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01c0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01d0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01e0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   01f0  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0200  78 78 78 78 78 78 78 78 78 78 78 78 78 78 78 78   xxxxxxxxxxxxxxxx
   0210  78 78 78 78 ab 03 00 00 a3 00 00 00 60 d9 7f de   xxxx........`...
   0220  bd 36 1b 00                                       .6..
               Data: 787878787878787878787878787878787878787878787878...
               [Length: 548]
           Internet Protocol Version 4, Src: 16.0.0.36, Dst: 48.0.0.36
               0100 .... = Version: 4
               .... 0101 = Header Length: 20 bytes (5)
               Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
                   0000 00.. = Differentiated Services Codepoint: Default (0)
                   .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
               Total Length: 40
               Identification: 0x0001 (1)
               Flags: 0x0000
                   0... .... .... .... = Reserved bit: Not set
                   .0.. .... .... .... = Don't fragment: Not set
                   ..0. .... .... .... = More fragments: Not set
                   ...0 0000 0000 0000 = Fragment offset: 0
               Time to live: 63
               Protocol: UDP (17)
               Header checksum: 0x3b7d [validation disabled]
               [Header checksum status: Unverified]
               Source: 16.0.0.36
               Destination: 48.0.0.36
           User Datagram Protocol, Src Port: 21964, Dst Port: 13226
               Source Port: 21964
               Destination Port: 13226
               Length: 20
               Checksum: 0x6335 [unverified]
               [Checksum Status: Unverified]
               [Stream index: 22]
           Data (12 bytes)

   0000  78 78 78 78 78 78 78 78 78 78 78 78               xxxxxxxxxxxx
               Data: 787878787878787878787878
               [Length: 12]
           Internet Protocol Version 4, Src: 16.0.0.35, Dst: 48.0.0.35
               0100 .... = Version: 4
               .... 0101 = Header Length: 20 bytes (5)
               Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
                   0000 00.. = Differentiated Services Codepoint: Default (0)
                   .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
               Total Length: 40
               Identification: 0x0001 (1)
               Flags: 0x0000
                   0... .... .... .... = Reserved bit: Not set
                   .0.. .... .... .... = Don't fragment: Not set
                   ..0. .... .... .... = More fragments: Not set
                   ...0 0000 0000 0000 = Fragment offset: 0
               Time to live: 63
               Protocol: UDP (17)
               Header checksum: 0x3b7f [validation disabled]
               [Header checksum status: Unverified]
               Source: 16.0.0.35
               Destination: 48.0.0.35
           User Datagram Protocol, Src Port: 21964, Dst Port: 13226
               Source Port: 21964
               Destination Port: 13226
               Length: 20
               Checksum: 0x6337 [unverified]
               [Checksum Status: Unverified]
               [Stream index: 23]
           Data (12 bytes)

   0000  78 78 78 78 78 78 78 78 78 78 78 78               xxxxxxxxxxxx
               Data: 787878787878787878787878
               [Length: 12]


Thanks,
Chris.





On Tue, Jan 21, 2020 at 9:58 AM João Valverde
<joao.valverde@xxxxxxxxxxxxxxxxxx
<mailto:joao.valverde@xxxxxxxxxxxxxxxxxx>> wrote:

    By the way usually a tunnel encapsulates a single packet. I'm not
    aware
    of any other protocol multiplexing at the IP level. I would assume
    Wireshark requires some replumbing to handle that. Something like
    TFS
    being treated as a framing layer. Just food for thought.

    On 21/01/20 14:46, João Valverde wrote:
    >
    >
    > On 21/01/20 14:33, Christian Hopps wrote:
    >> So I've got a payload of packets in a single frame. I'm calling
    >> dissector_try_uint_new() to dissect each payload (typically IPv4
    >> packets). Some of these packets are considered "malformed" by
    >> wireshark (e.g., created by scapy/trex with some bogus values).
    >>
    >> The problem I'm hitting is that the first malformed inner packet
    >> fails all the way out of my parent dissector, so it doesn't
    dissect
    >> any of the other packets in the payload.
    >>
    >> Another problem I'm having is that the IP sub-dissector is
    >> overwriting my source and destination addresses in the pinfo/tree
    >> (not sure which doesn't really matter).
    >>
    >> Summary:
    >>
    >> - How can I "catch" errors in a subdissector so I can call other
    >> sub-dissectors?
    >
    > Use TRY/CATCH (in epan/exceptions.h).
    >
    >> - How can I "block" sub-dissectors from overwriting my outer
    header
    >> information?
    >
    > I don't think you can. Maybe your IPTFS dissector can set it
    after the
    > sub-dissectors run.
    >
    >>
    >> Thanks,
    >> Chris.
    >>
    ___________________________________________________________________________

    >>
    >> Sent via:    Wireshark-dev mailing list
    <wireshark-dev@xxxxxxxxxxxxx <mailto:wireshark-dev@xxxxxxxxxxxxx>>
    >> Archives: https://www.wireshark.org/lists/wireshark-dev
    >> Unsubscribe:
    https://www.wireshark.org/mailman/options/wireshark-dev
    >> mailto:wireshark-dev-request@xxxxxxxxxxxxx
    <mailto:wireshark-dev-request@xxxxxxxxxxxxx>?subject=unsubscribe
    >
    >
    ___________________________________________________________________________

    >
    > Sent via:    Wireshark-dev mailing list
    <wireshark-dev@xxxxxxxxxxxxx <mailto:wireshark-dev@xxxxxxxxxxxxx>>
    > Archives: https://www.wireshark.org/lists/wireshark-dev
    > Unsubscribe:
    https://www.wireshark.org/mailman/options/wireshark-dev
    > mailto:wireshark-dev-request@xxxxxxxxxxxxx
    <mailto:wireshark-dev-request@xxxxxxxxxxxxx>?subject=unsubscribe

    ___________________________________________________________________________
    Sent via:    Wireshark-dev mailing list
    <wireshark-dev@xxxxxxxxxxxxx <mailto:wireshark-dev@xxxxxxxxxxxxx>>
    Archives: https://www.wireshark.org/lists/wireshark-dev
    Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
                 mailto:wireshark-dev-request@xxxxxxxxxxxxx
    <mailto:wireshark-dev-request@xxxxxxxxxxxxx>?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list<wireshark-dev@xxxxxxxxxxxxx>
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Attachment: signature.asc
Description: PGP signature