https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3785
--- Comment #8 from aandres@xxxxxxxxxx 2010-03-01 00:45:31 PST ---
(In reply to comment #6)
Hi again Chris.
My apologies in advance.
Found the problem... and it was my fault :)
I was applying your patch in the wrong place (the current req_resp_hdrs.c
differs from yours), in fact I was patching the "if (content_length_found)"
block instead of the "if (content_type_found && pinfo->can_desegment)" block.
Now it works like a charm...
mad:/usr/local/src/wireshark-svn# ./tshark -n -o
"tcp.desegment_tcp_streams:TRUE" -o "http.desegment_headers:TRUE" -o
"http.desegment_body:TRUE" -r /usr/local/src/pcap/two-get-1-resp.pcap -R
"http.request.method != 0 or http.response.code != 0"
Running as user "root" and group "root". This could be dangerous.
4 0.173513 192.168.2.200 -> 195.20.242.89 HTTP GET
/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_amd64.deb HTTP/1.1
GET /pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_amd64.deb
HTTP/1.1
85 1.352351 195.20.242.89 -> 192.168.2.200 HTTP HTTP/1.1 200 OK
(application/x-debian-package)
257 1.916961 195.20.242.89 -> 192.168.2.200 HTTP HTTP/1.1 200 OK
(application/x-debian-package)
Unfortunately now the tcp-bad-order.pcap is not rightly decoded...
mad:/usr/local/src/wireshark-svn# ./tshark -n -o
"tcp.desegment_tcp_streams:TRUE" -o "http.desegment_headers:TRUE" -o
"http.desegment_body:TRUE" -r /usr/local/src/pcap/tcp-bad-order.pcap -R
"http.request.method != 0 or http.response.code != 0"
Running as user "root" and group "root". This could be dangerous.
4 0.062535 172.17.1.41 -> 195.76.187.83 HTTP GET / HTTP/1.1
10 0.142165 172.17.1.41 -> 195.76.187.83 HTTP GET /favicon.ico HTTP/1.1
14 0.272430 195.76.187.83 -> 172.17.1.41 HTTP HTTP/1.1 200 OK (text/plain)
So, patching the "if (content_length_found)" block the tcp-bad-order.pcap file
is correctly decoded but then the two-get-1-resp.pcap file is badly decoded.
Maybe can I open a new bug assigned to this issue? I'm not sure because it
seems related in some way.
Cheers.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.