I wrote a dissector,
I found one packet which contains couple of different/indifferent messages inside it,
Can someone point on the problem ?
Is this even a problem ?
I reassemble TCP packets...
This is the function of dissection:
(FRAME_HEADER_LEN = 8)
static void
dissect_PROTOC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
//Reassembling TCP fragments
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
get_PROTOC_message_len, dissect_PROTOC_message);
}
static guint get_PROTOC_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
/* the packet's size is "length" + 4bytes of TYPESIZE + 4bytes of LENGTHSIZE + 256bytes of CONTEXTIDSIZE */
return (guint)(tvb_get_ntohl(tvb, offset + 4) + CONTEXT_ID_SIZE + TYPE_SIZE + LENGTH_SIZE); /* e.g. length is at offset 4 */
}
static void dissect_PROTOC_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* my dissecting code */
guint32 packet_type = tvb_get_ntohl(tvb, 0);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PROTOC");
/* Clear out stuff in the info column */
col_clear(pinfo->cinfo,COL_INFO);
col_add_fstr(pinfo->cinfo, COL_INFO, "%d > %d [%s]",pinfo->srcport, pinfo->destport,
val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
if (tree) { /* we are being asked for details */
proto_item *ti = NULL;
proto_tree *PROTOC_tree = NULL;
proto_item *PROTOC_data = NULL;
proto_tree *PROTOC_data_tree = NULL;
guint32 type = 0;
guint32 length = 0;
gint offset = 0;
ti = proto_tree_add_item(tree, proto_PROTOC, tvb, 0, -1, ENC_NA);
proto_item_append_text(ti, ", Type: %s",
val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
PROTOC_tree = proto_item_add_subtree(ti, ett_PROTOC);
//getting type
type = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(PROTOC_tree, hf_PROTOC_pdu_type, tvb, 0, TYPE_SIZE, ENC_BIG_ENDIAN);
offset += TYPE_SIZE;
//getting length for the data length
length = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(PROTOC_tree, hf_PROTOC_len, tvb, offset, LENGTH_SIZE, ENC_BIG_ENDIAN);
offset += LENGTH_SIZE;
proto_tree_add_item(PROTOC_tree, hf_PROTOC_contextid, tvb, offset, CONTEXT_ID_SIZE, ENC_BIG_ENDIAN);
offset += CONTEXT_ID_SIZE;
PROTOC_data = proto_tree_add_item(PROTOC_tree, hf_PROTOC_data, tvb, offset, length, FALSE);
PROTOC_data_tree = proto_item_add_subtree(PROTOC_data, ett_PROTOC_data);
offset += length;
}
}
I found one packet which contains couple of different/indifferent messages inside it,
...
I reassemble TCP packets...
That's pretty common for protocols running over TCP; there is no guarantee that TCP segment boundaries will correspond to packet boundaries in protocols running on top of TCP. A TCP segment can contain parts of, or all of, more than one higher-level protocol packet, and a higher-level protocol packet can be composed of data from more than one TCP segment.
Related
I am validating DPDK receive functionality & for this I'm shooting a pcap externally &
added code in l2fwd to dump received packets to pcap, the l2fwd dumped pcap have all the packets from shooter but some of them are not in sequence.
Shooter is already validated.
DPDK version in use-21.11
link of the pcap used : https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/tcp-ecn-sample.pcap
Out of order packets are random. For the first run I saw no jumbled packets but was able to replicate the issue on second run with the 2nd,3rd,4th packets jumbled having order 3,4,2.
Below is snipped from l2fwd example & our modifications as //TESTCODE..
/* Read packet from RX queues. 8< */
for (i = 0; i < qconf->n_rx_port; i++) {
portid = qconf->rx_port_list[i];
nb_rx = rte_eth_rx_burst(portid, 0,
pkts_burst, MAX_PKT_BURST);
port_statistics[portid].rx += nb_rx;
for (j = 0; j < nb_rx; j++) {
m = pkts_burst[j];
// TESTCODE_STARTS
uint8_t* pkt = rte_pktmbuf_mtod(m, uint8_t*);
dump_to_pcap(pkt, rte_pktmbuf_pkt_len(m));
// TESTCODE_ENDS
rte_prefetch0(rte_pktmbuf_mtod(m, void *));
l2fwd_simple_forward(m, portid);
}
}
/* >8 End of read packet from RX queues. */
Below is code for dump_to_pcap
static int
dump_to_pcap(uint8_t* pkt, int pkt_len)
{
static FILE* fp = NULL;
static int init_file = 0;
if (0 == init_file) {
printf("Creating pcap\n");
char pcap_filename[256] = { 0 };
char Two_pcap_filename[256] = { 0 };
currentDateTime(pcap_filename);
sprintf(Two_pcap_filename,".\\Rx_%d_%s.pcap", 0, pcap_filename);
printf("FileSName to Create: %s\n", Two_pcap_filename);
fp = fopen(Two_pcap_filename, "wb");
if (NULL == fp) {
printf("Unable to open file\n");
fp = NULL;
}
else {
printf("File create success..\n");
init_file = 1;
typedef struct pcap_file_header1 {
unsigned int magic; // a 32-bit "magic number"
unsigned short version_major; //a 16-bit major version number
unsigned short version_minor; //a 16-bit minor version number
unsigned int thiszone; //a 32-bit "time zone offset" field that's actually not used, so ou can (and probably should) just make it 0
unsigned int sigfigs; //a 32-bit "time stamp accuracy" field that's not actually used,so you can (and probably should) just make it 0;
unsigned int snaplen; //a 32-bit "snapshot length" field
unsigned int linktype; //a 32-bit "link layer type" field
}dumpFileHdr;
dumpFileHdr file_hdr;
file_hdr.magic = 2712847316; //0xa1b2c3d4;
file_hdr.version_major = 2;
file_hdr.version_minor = 4;
file_hdr.thiszone = 0;
file_hdr.sigfigs = 0;
file_hdr.snaplen = 65535;
file_hdr.linktype = 1;
fwrite((void*)(&file_hdr), sizeof(dumpFileHdr), 1, fp);
//printf("Pcap Header written\n");
}
}
typedef struct pcap_pkthdr1 {
unsigned int ts_sec; /* time stamp */
unsigned int ts_usec;
unsigned int caplen; /* length of portion present */
unsigned int len; /* length this packet (off wire) */
}dumpPktHdr;
dumpPktHdr pkt_hdr;
static int ts_sec = 1;
pkt_hdr.ts_sec = ts_sec++;
pkt_hdr.ts_usec = 0;
pkt_hdr.caplen = pkt_hdr.len = pkt_len;
if (NULL != fp) {
fwrite((void*)(&pkt_hdr), sizeof(dumpPktHdr), 1, fp);
fwrite((void*)(pkt), pkt_len, 1, fp);
fflush(fp);
}
return 0;
}
I am trying to record the audio in segment of 40ms.
Audio Queue Interface can deal with 40ms Audio Frame?
If 'Yes' then how can we achieve it?
Thanks.
yes, its possible , you need to set configure AudioQueue Accordingly,
Basically the AudioQueue Buffer size, has to be set for 40ms, so it would be around,
int AQRecorder::ComputeRecordBufferSize(const AudioStreamBasicDescription *format, float seconds)
{
int packets, frames, bytes = 0;
try {
frames = (int)ceil(seconds * format->mSampleRate);
if (format->mBytesPerFrame > 0)
bytes = frames * format->mBytesPerFrame;
else {
UInt32 maxPacketSize;
if (format->mBytesPerPacket > 0)
maxPacketSize = format->mBytesPerPacket; // constant packet size
else {
UInt32 propertySize = sizeof(maxPacketSize);
XThrowIfError(AudioQueueGetProperty(mQueue, kAudioQueueProperty_MaximumOutputPacketSize, &maxPacketSize,
&propertySize), "couldn't get queue's maximum output packet size");
}
if (format->mFramesPerPacket > 0)
packets = frames / format->mFramesPerPacket;
else
packets = frames; // worst-case scenario: 1 frame in a packet
if (packets == 0) // sanity check
packets = 1;
bytes = packets * maxPacketSize;
}
} catch (CAXException e) {
char buf[256];
return 0;
}
return bytes;
}
and to set the format,
void AQRecorder::SetupAudioFormat(UInt32 inFormatID)
{
AudioStreamBasicDescription sRecordFormat;
FillOutASBDForLPCM (sRecordFormat,
SAMPLING_RATE,
1,
8*BYTES_PER_PACKET,
8*BYTES_PER_PACKET,
false,
false
);
memset(&mRecordFormat, 0, sizeof(mRecordFormat));
mRecordFormat.SetFrom(sRecordFormat);
}
for my case, values of these Macros are,
#define SAMPLING_RATE 16000
#define kNumberRecordBuffers 3
#define BYTES_PER_PACKET 2
I'm wrote a wireshark dissector named PLUGIN.
Now when I'm testing it, for some reason a packet of type X can be seen on the wireshark as PLUGIN (like it should), and some other packets afterwards, of the same type X cannot be seen as PLUGIN.
The other packets can be found in the .pcap as [TCP segment of a reassembled PDU]
The question is: why doesn't WireShark dissect other packets of type X like the first packet of type X and shows it to me as PLUGIN ?
Why does the dissection works only for the first time?
I use functions for assembling fragments of chopped packets:
tcp_dissect_pdus()
get_PLUGIN_message_len()
as written in "9.4.2. How to reassemble split TCP Packets"
in "http://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#TcpDissectPdus"
This is the function of dissection:
(FRAME_HEADER_LEN = 8)
static void
dissect_PROTOC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
//Reassembling TCP fragments
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
get_PROTOC_message_len, dissect_PROTOC_message);
}
static guint get_PROTOC_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
/* the packet's size is "length" + 4bytes of TYPESIZE + 4bytes of LENGTHSIZE + 256bytes of CONTEXTIDSIZE */
return (guint)(tvb_get_ntohl(tvb, offset + 4) + CONTEXT_ID_SIZE + TYPE_SIZE + LENGTH_SIZE); /* e.g. length is at offset 4 */
}
static void dissect_PROTOC_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
/* my dissecting code */
guint32 packet_type = tvb_get_ntohl(tvb, 0);
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PROTOC");
/* Clear out stuff in the info column */
col_clear(pinfo->cinfo,COL_INFO);
col_add_fstr(pinfo->cinfo, COL_INFO, "%d > %d [%s]",pinfo->srcport, pinfo->destport,
val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
if (tree) { /* we are being asked for details */
proto_item *ti = NULL;
proto_tree *PROTOC_tree = NULL;
proto_item *PROTOC_data = NULL;
proto_tree *PROTOC_data_tree = NULL;
guint32 type = 0;
guint32 length = 0;
gint offset = 0;
ti = proto_tree_add_item(tree, proto_PROTOC, tvb, 0, -1, ENC_NA);
proto_item_append_text(ti, ", Type: %s",
val_to_str(packet_type, packettypenames, "Unknown (0x%02x)"));
PROTOC_tree = proto_item_add_subtree(ti, ett_PROTOC);
//getting type
type = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(PROTOC_tree, hf_PROTOC_pdu_type, tvb, 0, TYPE_SIZE, ENC_BIG_ENDIAN);
offset += TYPE_SIZE;
//getting length for the data length
length = tvb_get_ntohl(tvb, offset);
proto_tree_add_item(PROTOC_tree, hf_PROTOC_len, tvb, offset, LENGTH_SIZE, ENC_BIG_ENDIAN);
offset += LENGTH_SIZE;
proto_tree_add_item(PROTOC_tree, hf_PROTOC_contextid, tvb, offset, CONTEXT_ID_SIZE, ENC_BIG_ENDIAN);
offset += CONTEXT_ID_SIZE;
PROTOC_data = proto_tree_add_item(PROTOC_tree, hf_PROTOC_data, tvb, offset, length, FALSE);
PROTOC_data_tree = proto_item_add_subtree(PROTOC_data, ett_PROTOC_data);
offset += length;
}
}
more information:
I opened the file.pcap on some hex editor and I can see my packets that the wireshark doesn't dissect...
Inside wireshark I can find a packet that wireshark doesn't dissect, with the info of: "[TCP segment of a reassembled PDU]", but it doesn't say to which reassemble packet it belong, and I can't find it anywhere...
I would speculate that your calculated length does not match the reality. If wireshark does not think it has all the frames it needs to complete the PDU, then I guess it might not call dissect_PROTOC_message()
You could try to print your calculated lengths and then verify that the pcap file contains that many frames:
static guint get_PROTOC_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
/* the packet's size is "length" + 4bytes of TYPESIZE + 4bytes of LENGTHSIZE + 256bytes of CONTEXTIDSIZE */
guint len = (guint)(tvb_get_ntohl(tvb, offset + 4) + CONTEXT_ID_SIZE + TYPE_SIZE + LENGTH_SIZE); /* e.g. length is at offset 4 */
g_warning("frame=%d PDU len=%d", pinfo->fd->num, len);
return len;
}
I am runnig the follwoing code using shared memory:
__global__ void computeAddShared(int *in , int *out, int sizeInput){
//not made parameters gidata and godata to emphasize that parameters get copy of address and are different from pointers in host code
extern __shared__ float temp[];
int tid = blockIdx.x * blockDim.x + threadIdx.x;
int ltid = threadIdx.x;
temp[ltid] = 0;
while(tid < sizeInput){
temp[ltid] += in[tid];
tid+=gridDim.x * blockDim.x; // to handle array of any size
}
__syncthreads();
int offset = 1;
while(offset < blockDim.x){
if(ltid % (offset * 2) == 0){
temp[ltid] = temp[ltid] + temp[ltid + offset];
}
__syncthreads();
offset*=2;
}
if(ltid == 0){
out[blockIdx.x] = temp[0];
}
}
int main(){
int size = 16; // size of present input array. Changes after every loop iteration
int cidata[] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
/*FILE *f;
f = fopen("invertedList.txt" , "w");
a[0] = 1 + (rand() % 8);
fprintf(f, "%d,",a[0]);
for( int i = 1 ; i< N; i++){
a[i] = a[i-1] + (rand() % 8) + 1;
fprintf(f, "%d,",a[i]);
}
fclose(f);*/
int* gidata;
int* godata;
cudaMalloc((void**)&gidata, size* sizeof(int));
cudaMemcpy(gidata,cidata, size * sizeof(int), cudaMemcpyHostToDevice);
int TPB = 4;
int blocks = 10; //to get things kicked off
cudaEvent_t start, stop;
cudaEventCreate(&start);
cudaEventCreate(&stop);
cudaEventRecord(start, 0);
while(blocks != 1 ){
if(size < TPB){
TPB = size; // size is 2^sth
}
blocks = (size+ TPB -1 ) / TPB;
cudaMalloc((void**)&godata, blocks * sizeof(int));
computeAddShared<<<blocks, TPB,TPB>>>(gidata, godata,size);
cudaFree(gidata);
gidata = godata;
size = blocks;
}
//printf("The error by cuda is %s",cudaGetErrorString(cudaGetLastError()));
cudaEventRecord(stop, 0);
cudaEventSynchronize(stop);
float elapsedTime;
cudaEventElapsedTime(&elapsedTime , start, stop);
printf("time is %f ms", elapsedTime);
int *output = (int*)malloc(sizeof(int));
cudaMemcpy(output, gidata, sizeof(int), cudaMemcpyDeviceToHost);
//Cant free either earlier as both point to same location
cudaError_t chk = cudaFree(godata);
if(chk!=0){
printf("First chk also printed error. Maybe error in my logic\n");
}
printf("The error by threadsyn is %s", cudaGetErrorString(cudaGetLastError()));
printf("The sum of the array is %d\n", output[0]);
getchar();
return 0;
}
Clearly, the first while loop in computeAddShared is causing out of bounds error because I am allocating 4 bytes to shared memory. Why does cudamemcheck not catch this. Below is the output of cuda-memcheck
========= CUDA-MEMCHECK
time is 12.334816 msThe error by threadsyn is no errorThe sum of the array is 13
6
========= ERROR SUMMARY: 0 errors
Shared memory allocation granularity. The Hardware undoubtedly has a page size for allocations (probably the same as the L1 cache line side). With only 4 threads per block, there will "accidentally" be enough shared memory in a single page to let you code work. If you used a sensible number of threads block (ie. a round multiple of the warp size) the error would be detected because there would not be enough allocated memory.
I have the following code
int ParseData(unsigned char *packet, int len)
{
struct ethhdr *ethernet_header;
struct iphdr *ip_header;
struct tcphdr *tcp_header;
unsigned char *data;
int data_len;
/* Check if any data is there */
if(len > (sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr)))
{
ip_header = (struct iphdr*)(packet + sizeof(struct ethhdr));
data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 + sizeof(struct tcphdr));
data_len = ntohs(ip_header->tot_len) - ip_header->ihl*4 - sizeof(struct tcphdr);
if(data_len)
{
printf("Data Len : %d\n", data_len);
PrintData("Data : ", data, data_len);
printf("\n\n");
return 1;
}
else
{
printf("No Data in packet\n");
return 0;
}
}
}
I am trying to print in ASCII the payload and with a simple function like this
PrintData(char *mesg, unsigned char *p, int len)
{
printf(mesg);
while(len--)
{
if(isprint(*p))
printf("%c", *p);
else
printf(".");
p++;
}
}
The code looks good, no compile problems/warning. The problem is that the first payload
character is not being print at position 0, but 12 bytes later.
I thought that all the "len" bytes are the exact data I have to print.
My data point at
data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 + sizeof(struct tcphdr));
however data[0] is not printable. What is the problem? Do I miss something? Do I have to check for the TCP options part maybe?
Thanks
That's right, adding the sizeof(struct tcphdr) is only going to get you past the header, not the options. To get to the actual data, you should use the 'offset' field from the TCP header. The offset is calculated from the start of the TCP header and is in 4-byte units, e.g. if the offset is 8 then the header + options length is 32.