http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124
Summary: Application level protocol PDUs not dissected properly
if minimal header broken across packets
Product: Wireshark
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jhoger@xxxxxxxxx
Problem:
Application level protocol PDUs are not dissected properly if the minimal
header broken across packets.
Using tcp_dissect_pdus I have been having issues with improper
dissection of application level protocol PDUs with my proprietary
protocol.
So that this problem can be efficiently debugged, I have reproduced
the issue against a BitTorrent peer.
Problem:
tcp_dissect_pdus is used by many dissectors to extract PDUs from the
arbitrarily fragmented TCP stream. It is provided a "PDU measure"
callback routine and a minimum length prefix of the packet required to
determine the length of the entire PDU. The PDU measure routine is
only called if sufficient bytes (the minimum length prefix) can be
provided
I have discovered that BitTorrent, and likely all dissectors that use
tcp_dissect_pdus are broken in the case that the minimum length prefix
is broken across TCP segments.
I do not know if the problem is directly related to tcp_dissect_pdus
or is a more general problem with desegmentation.
I will attach a capture file I used which demonstrates the bug.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.