http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2345
Summary: setting src/dst in an encapsulated proto breaks
reassembling of TCP
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: High
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: wireshark@xxxxxxx
Created an attachment (id=1530)
--> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1530)
trace file of TIPC-over-TCP (port 666) which can be dissected after applying
the patch attached to Bug 2335
Build Information:
wireshark 0.99.9 (SVN Rev 24583)
--
I am currently developing the encapsulation of TIPC in TCP. I updated the
Wireshark dissector to reassemble the packages segmented over multiple TCP
messages (bug #2335).
Now I figured out that setting the src and/or dst of the pinfo structure by
doing "SET_ADDRESS(&pinfo->src, AT_TIPC, 4, src_addr);" in the subdissector
breaks the reassembly of messages also starting (but not ending) in the very
same TCP packet. This is because the reassembly code uses the src and dst of
the pinfo structure as key to find the matching segments of the encapsulated
message.
I am attaching a trace file of TIPC-over-TCP demonstrating this. Before it can
be dissected at all, the patch in attachment #1523 of bug #2335 has to be
applied and then the TCP port in the preferences has to be set to 666.
Sample packages look like this:
##########################################
# TCP packet 1 # TIPC message 1 #
# # #
# # #
# # #
# # (sets pinfo->src) #
# # #
# # #
# ######################
# # TIPC message 2 #
# # part 1/2 #
##########################################
This package is dissected as "TIPC message 1".
##########################################
# TCP packet 2 # TIPC message 2 #
# # part 2/2 #
# # #
# (sets pinfo->src) # #
# # #
# # #
# # #
##########################################
This package is shown to be a "[TCP segment of a reassembled PDU]". TIPC
message 2 is not reassembled as pinfo->src (and pinfo->dst) of the two packets
do not match.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.