Re: [Wireshark-dev] TCP reassembly fails when ethernet tunnled over TCP
Hi, How about having an array of "address information" where each level put's it's address info and then a "current IP layer" index variable which the "tunnel protocol" can set when calling the tunneled protocol(s) and re-set when returning. In that way the TCP protocol would get the correct IP for the layer it operates on. With this structure we would also have MAC addresses etc accessible from higher layers if needed. Regards Anders Den fre 12 nov. 2021 kl 14:11 skrev John Thacker : > Yes, this is a long standing problem: > > https://gitlab.com/wireshark/wireshark/-/issues/2345 > and > https://gitlab.com/wireshark/wireshark/-/issues/9782 > > among others, are examples of the same generic problem. > > The entire packet_info [dl_|net_]{src, dst} structure doesn't work very > well for tunnelled packets, especially those containing the same protocol > in the outer layers as well inside the tunnel. The endpoints API is > supposed to help, but the TCP dissector doesn't use it, and it would still > have to be changed for multiple protocols of the same type, see Michael > Mann's comment on #2345. > > John > > > On Fri, Nov 12, 2021 at 7:57 AM Anders Broman via Wireshark-dev < > wireshark-dev@wireshark.org> wrote: > >> Hi, >> >> We have a proprietary protocol sending usually small frames mixed with >> larger tunneled ethernet frames over TCP. If we then have a TCP segment >> where the ethernet frame >> >> Spans 2 segments reassembly fails presumably because pinfo does not have >> the IP address of the TCP segment. I think we would need a way to create a >> new pinfo structure >> >> For the tunneled frame? How to do that or some other way to solve the >> problem? In our case we only have ethernet and a vlan tag then our protocol >> again so >> >> We “fixed” that by dissecting those bytes in the internal dissector. But >> I think it may be a generic problem for tunneling that may deserve a proper >> fix. >> >> tcp_dissect_pdus() is used >> >> Regards >> >> Anders >> >> ___ >> Sent via:Wireshark-dev mailing list >> Archives:https://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev >> mailto:wireshark-dev-requ...@wireshark.org >> ?subject=unsubscribe >> > ___ > Sent via:Wireshark-dev mailing list > Archives:https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe > ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] TCP reassembly fails when ethernet tunnled over TCP
Yes, this is a long standing problem: https://gitlab.com/wireshark/wireshark/-/issues/2345 and https://gitlab.com/wireshark/wireshark/-/issues/9782 among others, are examples of the same generic problem. The entire packet_info [dl_|net_]{src, dst} structure doesn't work very well for tunnelled packets, especially those containing the same protocol in the outer layers as well inside the tunnel. The endpoints API is supposed to help, but the TCP dissector doesn't use it, and it would still have to be changed for multiple protocols of the same type, see Michael Mann's comment on #2345. John On Fri, Nov 12, 2021 at 7:57 AM Anders Broman via Wireshark-dev < wireshark-dev@wireshark.org> wrote: > Hi, > > We have a proprietary protocol sending usually small frames mixed with > larger tunneled ethernet frames over TCP. If we then have a TCP segment > where the ethernet frame > > Spans 2 segments reassembly fails presumably because pinfo does not have > the IP address of the TCP segment. I think we would need a way to create a > new pinfo structure > > For the tunneled frame? How to do that or some other way to solve the > problem? In our case we only have ethernet and a vlan tag then our protocol > again so > > We “fixed” that by dissecting those bytes in the internal dissector. But I > think it may be a generic problem for tunneling that may deserve a proper > fix. > > tcp_dissect_pdus() is used > > Regards > > Anders > ___ > Sent via:Wireshark-dev mailing list > Archives:https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe > ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] TCP reassembly fails when ethernet tunnled over TCP
Hi, We have a proprietary protocol sending usually small frames mixed with larger tunneled ethernet frames over TCP. If we then have a TCP segment where the ethernet frame Spans 2 segments reassembly fails presumably because pinfo does not have the IP address of the TCP segment. I think we would need a way to create a new pinfo structure For the tunneled frame? How to do that or some other way to solve the problem? In our case we only have ethernet and a vlan tag then our protocol again so We "fixed" that by dissecting those bytes in the internal dissector. But I think it may be a generic problem for tunneling that may deserve a proper fix. tcp_dissect_pdus() is used Regards Anders smime.p7s Description: S/MIME cryptographic signature ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe