This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Handling TCP Retransmission in a Wireshark Dissector

0

I'm working with a Wireshark dissector that interprets an application layer protocol built on top of TCP.

I'm trying to fix a bug in the dissector in which it is trying to reassemble a packet with a TCP retransmitted packet. The retransmitted packet should be ignored because the original has already been dissected.

I've stepped through with gdb and looked at the contents of pinfo and pinfo->fd related to the retransmitted packet, but I couldn't find anything indicating that it is a retransmission.

I'm sure I'm missing something simple since this must be a common problem. My desperate web searching isn't proving fruitful, but I notice this:

http://www.wireshark.org/lists/ethereal-dev/200308/msg00466.html

Quoting from there:

Is it to detect retransmissions? If so the TCP itself already have code to do so.

That makes me hopeful, but what does that mean? What is "the TCP"? Is there some Wireshark TCP library I can call into to see if the bytes from the packet I'm dissecting come from a TCP retransmission?

Thanks!


Update

I'm noticing that tcp_dissect_pdus is generally used for such things. If I'm understanding things right, it takes care of retransmission for you automatically, right? Here's my concern, though: my dissector may or may not be called by another dissector between it and tcp which itself would have used tcp_dissect_pdus. Does that preclude me from using it? That is, from the perspective of my dissector, I'm not sure whether I'm on top of this other layer or not and therefore won't know how to indicate to tcp_dissect_pdus how to interpret the application layer data. Perhaps I can indicate the existence of this other layer somehow from the other dissector that may call this one?

asked 14 Sep '13, 20:20

firebush
accept rate: 0%

edited 14 Sep '13, 21:00


One Answer:

0

Up until relatively recently TCP would always call subdissectors even when the packets are retransmitted. But since revision 42774 there has been a preference that controls that: tcp.no_subdissector_on_error.

The commit message for that revision explains at length why it's done this way and why the preference was put in. There does not appear to be a way to set this behavior programmatically (i.e., from your dissector) however.

answered 15 Sep '13, 12:55

JeffMorriss ♦
accept rate: 27%
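
The failure described in the question, shown as an added example that is not part of the original thread and is not Wireshark's code: a stand-alone C reassembler that uses TCP sequence numbers to drop bytes it has already accepted before it frames PDUs. The names stream_t, feed_segment and complete_pdus, the 2-byte length framing and the sample segments are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical per-direction state for one TCP stream (not a Wireshark structure). */
typedef struct {
    uint32_t next_seq;   /* first sequence number not yet accepted */
    int      started;    /* 0 until the first segment sets next_seq */
    uint8_t  buf[256];   /* in-order payload handed to reassembly */
    size_t   len;
} stream_t;

/* Wraparound-safe "a is before b" for 32-bit sequence numbers. */
static int seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Returns new bytes appended: 0 = full retransmission, <n = partial overlap, -1 = gap or overflow. */
int feed_segment(stream_t *s, uint32_t seq, const uint8_t *data, size_t n) {
    if (!s->started) { s->next_seq = seq; s->started = 1; }
    if (seq_before(s->next_seq, seq)) return -1;   /* segment starts past what we hold */
    uint32_t seen = s->next_seq - seq;             /* leading bytes already accepted */
    if (seen >= n) return 0;                       /* nothing new: ignore it */
    size_t fresh = n - seen;
    if (fresh > sizeof s->buf - s->len) return -1; /* would overflow the buffer */
    memcpy(s->buf + s->len, data + seen, fresh);
    s->len += fresh;
    s->next_seq += (uint32_t)fresh;
    return (int)fresh;
}

/* Count complete PDUs framed as a 2-byte big-endian length plus body. */
int complete_pdus(const stream_t *s) {
    size_t off = 0; int count = 0;
    while (s->len - off >= 2) {
        size_t body = ((size_t)s->buf[off] << 8) | s->buf[off + 1];
        if (s->len - off - 2 < body) break;        /* PDU still incomplete */
        off += 2 + body; count++;
    }
    return count;
}

/* Constructed capture: one 5-byte PDU split in two, first half sent twice. */
int demo(void) {
    static const uint8_t a[] = {0x00, 0x05, 'H', 'E'}, b[] = {'L', 'L', 'O'};
    stream_t s = {0};
    feed_segment(&s, 1000, a, sizeof a);
    feed_segment(&s, 1000, a, sizeof a);   /* retransmission, contributes nothing */
    feed_segment(&s, 1004, b, sizeof b);
    return complete_pdus(&s);              /* 1 */
}
```

Without the `seen` check the duplicated first half would be appended twice and the length prefix would frame the wrong bytes, which is the reassembly corruption the question describes.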