On 13-05-2016 16:12, Strauß, Martin wrote:
Dear all,
I've written a lua dissector for a company intern binary protocol. Usually it
is capable to dissect everything (if no packet is missing).
I considered that one tcp packet may contain multiple PDU, and also that a PDU
may span over multiple tcp packets.
However now I have a 9 GB big file in front of me, where the dissector stopped
working in the middle of the file.
As far as I can see the problem is that the ressambling of PDUs does not work
if the seq overruns
The last successfully dissected PDU ends at its tcp packet end.
The first not correctly processed PDU is transported in several tcp packets:
1. segment: Summery: [TCP segment of a reassembled PDU]
(Seq: 4294911444 Len: 63712 my_PDU_size:135816)
2. segment: Summery: scp-config → 49998 [ACK] Seq=7860 Ack=18424 Win=63992
Len=1448 TSval=274170360 TSecr=16005993
=> the second segment should have been part of the reassembled PDU, however it
does not contain a list of the reassembled TCP segments [x Reassembled TCP
Segments ...] in the packet details.
And the dissector receives a buffer containing only the content of the second
segment.
It seems as if the overruns resets the reassembling of the PDU.
Is this a bug, a known behavior?
I guess it can't be a mistake in the lua dissector, as the reassembling fails
and even when I report a wrong PDU size it should add the first segment
somewhere (which it doesn't).
Any ideas ?
A superficial analysis of packet-tcp.c suggests a bug, because the
sequence number arithmetic is not performed modulo 2**32.
Mit freundlichen Grüßen | With best regards
Dr. Martin Strauß
Development-Department
--
Müller-BBM VibroAkustik Systeme GmbH
Robert-Koch-Straße 13, 82152 Planegg, Deutschland (Germany)
Tel. +49 89 85602-473
Fax +49 89 85602-444
mstra...@muellerbbm-vas.de
www.MuellerBBM-vas.de
Geschäftsführer: Josef Hobelsberger, Günter Lang
Sitz: Planegg, Amtsgericht: München, HRB 115031, Ust-Id. Nr. DE183657166
Managing Directors: Josef Hobelsberger, Günter Lang
Registered Office: Planegg, Registry Court: Munich, Com. Reg. No. 115031,
V.A.T. Reg. No. DE183657166
Ein Unternehmen der Müller-BBM-Gruppe | A company of the Müller-BBM Group
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
