This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm working with a Wireshark dissector that interprets an application layer protocol built on top of TCP.

I'm trying to fix a bug in the dissector in which it is trying to reassemble a packet with a TCP retransmitted packet. The retransmitted packet should be ignored because the original has already been dissected.

I've stepped through with gdb and looked at the contents of pinfo and pinfo->fd related to the retransmitted packet, but I couldn't find anything indicating that it is a retransmission.

I'm sure I'm missing something simple since this must be a common problem. My desperate web searching isn't proving fruitful, but I notice this:

http://www.wireshark.org/lists/ethereal-dev/200308/msg00466.html

Quoting from there:

Is it to detect retransmissions? If so the TCP itself already have code to do so.

That makes me hopeful, but what does that mean? What is "the TCP"? Is there some Wireshark TCP library I can call into to see if the bytes from the packet I'm dissecting comes from a TCP retransmission?

Thanks!


Update

I'm noticing that tcp_dissect_pdus is generally used for such things. If I'm understanding things right, it takes care of retransmission for you automatically, right? Here's my concern, though: my dissector may or may not be called by another dissector between it and tcp which itself would have used tcp_dissect_pdus. Does that preclude me from using it? That is, from the perspective of my dissector, I'm not sure whether I'm on top of this other layer or not and therefore won't know how to indicate to tcp_dissect_pdus how to interpret the application layer data. Perhaps I can indicate the existence of this other layer somehow from the other dissector that may call this one?

asked 14 Sep '13, 20:20

firebush's gravatar image

firebush
21337
accept rate: 0%

edited 14 Sep '13, 21:00


Up until relatively recently TCP would always call subdissectors even when the packets are retransmitted. But since revision 42774 there has been a preference that controls that: tcp.no_subdissector_on_error.

The commit message for that revision explains at length why it's done this way and why the preference was put in. There does not appear to be a way to set this behavior programatically (i.e., from your dissector) however.

permanent link

answered 15 Sep '13, 12:55

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×752
×637
×56

question asked: 14 Sep '13, 20:20

question was seen: 3,290 times

last updated: 15 Sep '13, 12:55

p​o​w​e​r​e​d by O​S​Q​A