Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9782] New: TCP Reassembly Failed

Wireshark-bugs: [Wireshark-bugs] [Bug 9782] New: TCP Reassembly Failed

Date: Mon, 17 Feb 2014 09:25:07 +0000

Bug ID	9782
Summary	TCP Reassembly Failed
Classification	Unclassified
Product	Wireshark
Version	1.11.x (Experimental)
Hardware	x86-64
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 12566 [details]
Sample dump file.

Build Information:
*** note: also tested on ubuntu with 1.10.6 ***

Version 1.11.3 (wireshark-1.11.3-rc1-1625-g337b2f7-dirty from master)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 12 2014),
with
AirPcap.

Running on 64-bit Windows 8.1, build 9600, with WinPcap version 4.1.3
(packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM) i7 CPU         920  @ 2.67GHz, with 12279MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 21005

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The TCP reassembly functionality failed when dissected data passed for
subsequent dissection to eth or frame dissector. But works when passed to data
dissector.

If you use sample lua dissector below on attached capture file, you can see
than frame #3 missing one chunk of stream data and reassembly information. This
breaks future dissection. However if you change sample dissector to process
dissected data using only data dissector, the frame #3 contain reassembly
information and lost data.

---------------------- START SAMPLE DISSECTOR -----------------------------
do
    local p_simplex = Proto("simplex", "SimplexProto");
    local f_type = ProtoField.uint16("simplex.type", "Type", base.HEX,
{[0x0080] = "Ethernet"})
    local f_length = ProtoField.uint16("simplex.length", "Length", base.DEC)
    local f_data = ProtoField.bytes("simplex.data", "Data")
    p_simplex.fields = {f_type, f_length, f_data}

    local data_dis = Dissector.get("data")
    local eth_dis = Dissector.get("eth")

    local function simplex_common(tvb, pinfo, tree, offset)
        local type = tvb(offset + 0, 2):uint()
        local length = tvb(offset + 2, 2):uint()
        local l_tree = tree:add(p_simplex, tvb(offset + 0, length + 4))
        l_tree:add(f_type, tvb(offset + 0, 2))
        l_tree:add(f_length, tvb(offset + 2, 2))
        l_tree:add(f_data, tvb(offset + 4, length))
--        data_dis:call(tvb(offset + 4, length):tvb(), pinfo, tree)
        eth_dis:call(tvb(offset + 4, length):tvb(), pinfo, tree)
    end

    function p_simplex.dissector(tvb, pinfo, tree)
        local processed = 0;
        local reported = tvb:reported_len()
        debug(">>> dissector(" .. pinfo.number .. "): reported=" .. reported)
        while processed < reported do
            local available = reported - processed
            if available < 4 then
                warn("!!! dissector(" .. pinfo.number .. "):
REQUEST_DESEGMENT")
                pinfo.desegment_offset = processed;
                pinfo.desegment_len = required - available;
                break
            end
            if tvb(processed, 2):uint() ~= 0x0080 then
                warn("!!! dissector(" .. pinfo.number .. "): BROKEN_STREAM")
                break;
            end
            local required = tvb(processed + 2, 2):uint() + 4;
            info("*** dissector(" .. pinfo.number .. "): available=" ..
available .. " required=" .. required)
            if available < required then
                warn("!!! dissector(" .. pinfo.number .. "):
REQUEST_DESEGMENT")
                pinfo.desegment_offset = processed;
                pinfo.desegment_len = required - available;
                break
            end
            simplex_common(tvb, pinfo, tree, processed)
            processed = processed + required
        end
        debug("<<< dissector(" .. pinfo.number .. "): processed=" .. processed)
        return processed;
    end

    local tcp_encap_table = DissectorTable.get("tcp.port")
        tcp_encap_table:add(22222, p_simplex)
end
---------------------- END SAMPLE DISSECTOR -----------------------------

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 9781] New: Add column for capture interface name and interface description
Next by Date: [Wireshark-bugs] [Bug 9781] Add fields for capture interface name and interface description
Previous by thread: [Wireshark-bugs] [Bug 9781] Add fields for capture interface name and interface description
Next by thread: [Wireshark-bugs] [Bug 9520] Add RFC 6514 support to BGP dissector
Index(es):
- Date
- Thread