Wireshark-dev: Re: [Wireshark-dev] [PATCH] bugfix : ICMP unreachable and tcp seq not shown
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Fri, 15 Dec 2006 15:49:13 +0800

Sebastien Tandel wrote:

I am not sure it's broken ...

ICMP and ICMPv6 are rather different ...
- ICMP states that you have to put the IP header + 64 bits of data
- ICMPv6 RFC states, and I quote, you have to put
"As much of invoking packet as will fit without the ICMPv6 packet
exceeding the minimum IPv6 MTU [IPv6]"

IPv6 MTU may vary ... but should certainly include the TCP seq number.
For that field, IMHO, I think we are safe.

Sorry, I guess I wasn't clear.  Your code will not show the sequence 
number in IPv6 because you're searching for the string "icmp:ip" whereas 
in IPv6 it'll be "icmpv6:ipv6".

Anyway, I think a better way for the patch to work would be to check the 
"pinfo->in_error_pkt" field (set to TRUE by ICMP before calling the IP 
subdissector).  I'll try that tonight.

However, you raise an interesting point for IPv6: what if there's enough 
TCP in there that the regular TCP dissection puts (again) the sequence 
number in the tree?  I don't know what the chances of that are.

Nevertheless, if you want *all* the potential fields, wireshark is not
since IPv6 MTU is not a *fixed* parameter. Therefore the solution would
be to do the check for every item which is not added directly to the
tree. I don't know if it has a real interest ... it will probably mess a
little bit more the code of the TCP dissector.

True, probably not worth the effort.