Wireshark-bugs: [Wireshark-bugs] [Bug 8787] 9P dissector - compute fids on first visit

Date: Tue, 30 Jul 2013 19:25:48 +0000

Comment # 17 on bug 8787 from
(In reply to comment #16)
> I also just found out that in the sample I gave you in the previous issue,
> there also was (at least) one 9P message cut in two TCP packets... Which is
> perfectly legal, but ends up completely misinterpreted. Most end up
> recognized as junk, but I noticed this one because the "version" field was
> wrong for the whole conversation because of this one :/
> As I said this does not utterly bother me as it is pretty rare (and I don't
> usually look at tcp messages anyway, but that's a tad more complicated
> although it provides me with perfectly-cut packets :D), but I'd think this
> is worth investigating if there is anything commonly done in other
> dissectors.

This actually looks easier than I thought it'd be with tcp_dissect_pdus... Is
what I'd like to say, but I'm having issues because my actual maximum packet
length is 1MB, and I couldn't manage to write a pcap packet larger than 64KB,
so things are getting quite messy with my own packet sniffer truncating
packets.
I guess I could also truncate in the dissector, saying that if a message
payload is larger than 64k cut it there, but I'm not sure I like the idea.

Sooo.. I'll slackly keep looking, but I'd rather have the current patch looked
at as it is and I'll open a new ticket when I've found something I like
someday(tm) :)

Cheers,
Dominique


You are receiving this mail because:
  • You are watching all bug changes.