Wireshark-bugs: [Wireshark-bugs] [Bug 5117] New: tcp_dissect_pdus: Possible bug related to appen

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 16 Aug 2010 18:42:15 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5117

           Summary: tcp_dissect_pdus: Possible bug related to appending to
                    COL_INFO ?
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wmeier@xxxxxxxxxxx


Build Information:
SVN
--
The following code fragment (based upon code in packet-fcgi.c) is written to
append some text to COL_INFO for each PDU encountered when dissecting a
protocol running over TCP.

static void dissect_record(...) {
   ...
   col_clear(pinfo->cinfo, COL_INFO);
   col_append_sep_str(pinfo->cinfo, COL_INFO, NULL,
                      val_to_str(type, record_types, "Unknown (%u)"));
   col_set_fence(pinfo->cinfo, COL_INFO);
   ...
}

tcp_dissect_pdus(...., dissect_record) {
   ...
}

When there are multiple PDUs in a TCP frame, only the col_append... for the
first PDU succeeds; The col_appends for the rest of the PDUs in the frame are
ignored.


My question: 
 Should the above code work or is there a different way to accomplish the
 objective ?

This issue can be seen with the new FCGI dissector recently committed.
Look at Frame #98 in the capture file attached to Bug #5067.
There should be 3 "record types" in the INFO column, not 1.


--------
Looking at packet-tcp.c it appears that col_set_writable(...,FALSE) is called
after the first PDU in a frame thus prevents further appending to COL_INFO.

I don't really understand this code so I'm filing this as a possible bug for
review by someone knowledgeable about this code.  :)


    ...
    if(another_pdu_follows){
        /* there was another pdu following this one. */
        pinfo->can_desegment=2;
        /* we also have to prevent the dissector from changing the
         * PROTOCOL and INFO colums since what follows may be an
         * incomplete PDU and we dont want it be changed back from
         *  <Protocol>   to <TCP>
         * XXX There is no good way to block the PROTOCOL column
         * from being changed yet so we set the entire row unwritable.
         * The flag cleared_writable stores the initial state.
         */
        col_set_fence(pinfo->cinfo, COL_INFO);
        cleared_writable |= col_get_writable(pinfo->cinfo);
        col_set_writable(pinfo->cinfo, FALSE);
        offset += another_pdu_follows;
        seq += another_pdu_follows;
        goto again;
    else
        ...

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.