This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark 2.0 Expert Info: error

0

15 TNS: C:\buildbot\wireshark\wireshark-2.0-64\win7x64\build\epan\dissectors\packet-tcp.c:2643: failed assertion "proto_desegment && pinfo->can_desegment"

asked 11 Nov '15, 08:53

philvilla's gravatar image

philvilla
11445
accept rate: 0%

Can you share the capture that caused that? The appropriate place for that is on the Wireshark Bugzilla.

(11 Nov '15, 09:25) grahamb ♦

I am really sorry it has proprietary information in it so I am unable too.

(11 Nov '15, 09:39) philvilla

Are you using a proprietary dissector? Because this assertion usually means that a dissector on top of TCP one is misusing the API.

(11 Nov '15, 10:52) Pascal Quantin

One Answer:

0

The assertion you mentioned is reported in this part of packet-tcp.c:

    plen = (*get_pdu_len)(pinfo, tvb, offset, dissector_data);
    if (plen == 0) {
        /*
         * Support protocols which have a variable length which cannot
         * always be determined within the given fixed_len.
         */
        DISSECTOR_ASSERT(proto_desegment && pinfo->can_desegment);
        pinfo->desegment_offset = offset;
        pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
        return;
    }

This assertion was added in v1.99.4rc0-5-g4ca3dba and when tripped, it means that your dissector routine has requested desegmentation (because the "PDU length" is 0), but it is not supported by the layer above it (maybe you have disabled the "Allow subdissector to reassemble TCP streams" preference for the TCP protocol).

If you are the author of the dissector, check:

  • Whether you really want the new behavior introduced by above commit. Before that commit, the value 0 would typically cause a bounds error (Dissector error / "Malformed Packet").
  • If you actually want to activate desegmentation, check whether the parent protocol supports it. If there is an extra layer between TCP and your protocol (for example, a HTTP proxy tunnel), check that desegmentation functionality is preserved. The desegmentation functionality can be preserved by incrementing pinfo->can_desegment before calling another dissector. There was a bug that broke HTTP2 desegmentation, fixed in this commit

If you are a user, please include these details in a bug report:

  • A packet capture reproducing the issue. If it is proprietary, you can mark a capture as private such that only Wireshark core developers can see it.
  • If you are unable to provide the full capture, at least post the single packet (and/ or the textual dissection from tshark -r your.pcap -V -Y frame.number==123). This should hopefully make it possible to find out what protocols are involved.
  • The Wireshark version you are using (see About -> Version or tshark -version).

answered 12 Nov '15, 02:08

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%