0

I am using pcapplusplus library for tcp packet processing in c++. When i am receiving packets greater than MTU size, which is 1500 bytes, my program stops further processing as TcpReassembly is not processing that packet. Due to this onMessageReadyCallback is not calling for that packet.

And more serious, as that packet is being ignored by tcpReassembly, the corresponding sequence no, lets say x, of that packet is being ignored too. So my program is not able to process any other incoming packet as it expects a sequence no of x but tcpReassmbly had already ignored that packet so it is not going to receive packet of sequence no x and the program execution stops.

So my question is do we have a way to direct tcpReassembly do not ignore packets greater than MTU size. Just forward it to respective function callback?

rdx
  • 101
  • 1
  • 7
  • Are you sure you are actually _receiving_ packets greater than MTU? The reason I am asking is that MTU is "maximum transfer unit", which I understand to be the maximum number of bytes the network card will receive/accept packets anyway. So I am wondering why you are saying you are _receiving_ these packets. Are you sure they are not been discarded by the network adapter before pcap has a chance to see them? – Hajo Kirchhoff Nov 20 '21 at 17:18
  • Also: There is a setting "jumbo frames" in the network card _driver_. The fact that the setting is in the _driver_ and not all network adapters support this seems to indicate that packets greater than a certain size will not be received by the hardware. – Hajo Kirchhoff Nov 20 '21 at 17:26
  • @HajoKirchhoff Yes I am receiving packets greater than MTU size. THis is due to TCP segmentation offload. You can read more about it by searching it on google. This is good read though: https://stackoverflow.com/questions/53170924/packets-are-greater-than-configured-mtu – rdx Nov 21 '21 at 13:26
  • @rdx can you please post the code + pcap file that reproduces this issue? I have a few questions: (1) How are you using `TcpReassebmly`? Are you capturing packets with `PcapLiveDevice` and then call `reassemblePacket()`? (2) Do you see `reassemblePacket()` getting called with these jumbo packets? (3) I'm not sure how TCP segmentation offloading works, but are you sure the packets sent to `TcpReassebmly` have the original IP and TCP headers (e.g IP addresses, TCP ports, etc.)? `TcpReassebmly` relies on the headers to determine the flow and the direction, otherwise these packets are ignored – seladb Nov 22 '21 at 07:00
  • @seladb I got the problem. Answering your questions first. 1. Basicallly I am using TcpReassembly to reassemble the incoming tcp packets on pcapLiveDevice. 2. The program execution stopped when encountering a jumbo packet. I tried to debug it but found beforehand where the problem is occuring. 3. Ya packets sent have original Tcp headers and other information as well. – rdx Nov 23 '21 at 08:03
  • @seladb Now lemme state where the problem was occuring. I had a pcap file and i am using tcpreplay to replay those packets on an interface. But tcpreplay doesn't replay jumbo packets. It simply ignored those packets. So when that packet is ignored, TcpReassembly was waiting for that sequence number, but it will never got that sequence no in future also because that sequence no is ignored already. Although next packets will come, but TcpReassembly doesn't go ahead without receiving that ignored sequence no packet. So program execution stopped. – rdx Nov 23 '21 at 08:11
  • The main problem was with tcpreplay, not with TcpReassembly. Btw, Thanks for helping!! – rdx Nov 23 '21 at 08:11
  • @rdx thanks for sharing your findings, it might help other users that use `tcpreplay` – seladb Nov 23 '21 at 08:49
  • 1
    Maybe you can consider adding an answer with these findings to make it more visible – seladb Nov 23 '21 at 08:50

1 Answers1

1

Basically the problem was with tcpreplay and not the pcpp::TcpReassembly. Tcpreplay can’t send packets which are larger than the MTU of the interface [https://tcpreplay.appneta.com/wiki/faq.html].

So Now lemme state where the problem was occuring. I had a pcap file and I was using tcpreplay to replay those packets on an interface. But tcpreplay doesn't replay jumbo packets. It simply ignored those packets.

So when that packet is ignored, TcpReassembly was waiting for that sequence number, but it would never got that sequence number in future also because that sequence number was ignored already.

Although next packets will come, but TcpReassembly doesn't go ahead without receiving that ignored sequence no packet. So program execution stopped, much like that the application hanged, but that's on tcpreplay end, not the TcpReassembly end. You need not worry about TcpReassembly, it will reassemble any packet that it would receive. There is not any limitation with MTU size. I checked the cpp file of TcpReassembly as well and there is no check that if packet size is greater than MTU size, then ignore packet.

rdx
  • 101
  • 1
  • 7