Wireshark-dev: Re: [Wireshark-dev] sigcomp - accessing state with a partial stateid >6 bytes

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Tue, 5 Dec 2006 07:49:03 +0100
Checked in.
BR
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of cco
Sent: 4 December 2006 10:25
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] sigcomp - accessing state with a partial stateid >6 bytes

On Wed, Nov 29, 2006 at 09:50:21AM +0100, cco wrote:
> On Tue, Nov 28, 2006 at 02:46:01PM +0100, Anders Broman (AL/EAB) wrote:
> >  
> > 
> > -----Original Message-----
> > From: wireshark-dev-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of cco
> > Sent: 28 November 2006 11:56
> > To: Developer support list for Wireshark
> > Subject: [Wireshark-dev] sigcomp - accessing state with a partial state id >6 bytes
> > 
> > > hi!
> > >
> > > it seems that wireshark fails to access a previously saved state when the
> > > specified psi is longer than 6 bytes. and yes, the state was saved at
> > > END-MESSAGE(); at least this is what the debug message reports.
> > >
> > > here is the scenario:
> > >
> > > 1. sigcomp pkt with bytecode is recv. successful decompression,
> > > END-MESSAGE makes a state create request. state is saved (it seems that
> > > only the first six bytes of the state id are kept; no idea why)
> > > 2. sigcomp packet tries to access prev. saved state with a partial state
> > > id. partial state id is longer than 6 bytes and wireshark fails. since
> > > one of the peers is able to decompress it I suspect there is a problem in
> > > wireshark.
> > >
> > > thanks!
> > > bye now!
> > > cristian
> > 
> > Hi,
> > Wireshark will save the state id with the minimum access length in its
> > hash table.
> > I guess that later when that state of 6 bytes is compared with a state
> > of 8 bytes the comparison fails.
> > 
> > I think that ought to be changed to save the full 20 bytes state id and
> > the minimum access length,
> > and the comparison should then be made on the actual state id length
> > used, if greater than the minimum length.
> 
> cristian: yes, this would be "Signaling Compression (RFC 3320)" compliant.
> 
> > 
> > I currently have little time to work on this; you might want to file a
> > Bugzilla report on this,
> > preferably with an example trace.
> 
> cristian: o.k. I will try that.

cristian: hi again. here is a patch (for the svn version) which tries to
fix this behaviour. compiled and tested it against the dumps that
contain sigcomp packets accessing state with partial state id > 6 bytes.
seems to work now.

however please have a look.

(off-topic?) after patching and compiling (svn) wireshark on my debian
notebook, when trying to access "Preferences" from the gui, wireshark
core dumped. here is a bt:

(gdb) bt
#0  0x080f70a6 in pcap_findalldevs ()
#1  0x080f719d in pcap_findalldevs ()
#2  0x08062d94 in get_interface_list_findalldevs (err=0xbfb8b2ec, err_str=0xbfb8b2f0 "P\237\"\b\uffff\uffff\uffff\uffff\uffff\uffff\uffff\uffff<\uffff\uffff\uffff\uffff\uffffN\uffff") at capture-pcap-util.c:271
#3  0x080a3da1 in capture_prefs_show () at capture_prefs.c:119
#4  0x08083ea0 in prefs_cb (w=0x8518148, dummy=0x0) at prefs_dlg.c:614
#5  0xb6b382a3 in gtk_item_factory_get_type () from
/usr/lib/libgtk-x11-2.0.so.0
#6  0xb675ae1b in g_cclosure_marshal_VOID__VOID () from
/usr/lib/libgobject-2.0.so.0
#7  0xb674d98b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#8  0xb675df2d in g_signal_chain_from_overridden () from
/usr/lib/libgobject-2.0.so.0
#9  0xb675f429 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#10 0xb675f5d9 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#11 0xb6c431c2 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#12 0xb6b61a1b in gtk_menu_shell_activate_item () from
/usr/lib/libgtk-x11-2.0.so.0
#13 0xb6b61d38 in gtk_menu_shell_activate_item () from
/usr/lib/libgtk-x11-2.0.so.0
#14 0xb6b5799f in gtk_menu_reorder_child () from
/usr/lib/libgtk-x11-2.0.so.0
#15 0xb6b51900 in _gtk_marshal_BOOLEAN__BOXED () from
/usr/lib/libgtk-x11-2.0.so.0
#16 0xb674bf49 in g_value_set_boxed () from /usr/lib/libgobject-2.0.so.0
#17 0xb674d98b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#18 0xb675e56f in g_signal_chain_from_overridden () from
/usr/lib/libgobject-2.0.so.0
#19 0xb675f208 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#20 0xb675f5d9 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#21 0xb6c433e4 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#22 0xb6b4fd2d in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#23 0xb6b501a3 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#24 0xb69e3bfa in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
#25 0xb66d2731 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#26 0xb66d57a6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#27 0xb66d5b67 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#28 0xb6b4f341 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#29 0x081a1180 in ?? ()
#30 0x00000001 in ?? ()
#31 0x00000001 in ?? ()

any idea what could be wrong?

thanks!
bye now!
cristian
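The state-access rule the thread settles on (keep the full 20-byte state identifier together with the item's minimum access length, and compare on the length of the partial identifier actually received rather than on a 6-byte key), written out as an added Python example. This is editor-supplied illustration, not Wireshark's dissector code and not part of the original thread. The StateItem and StateStore names, the sample state values and the two hand-made identifiers that share an 8-byte prefix are all constructed here; the SHA-1 field layout in identifier() follows RFC 3320 section 9.4.9 as this editor reads it, and access() models section 6.2, under which a partial identifier that is shorter than 6 bytes, shorter than the matching item's minimum_access_length, or matched by more than one stored item is a decompression failure. truncated_key_lookup reproduces the reported behaviour (a table keyed by only the first minimum_access_length bytes) so the two can be compared on the same store.

```python
"""RFC 3320 (SigComp) state access with a partial state identifier.

Added illustration in Python, not Wireshark's dissector code: the table
keeps the full 20-byte identifier plus minimum_access_length, and an
N-byte partial identifier is matched as a prefix, never as an exact key.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional

STATE_ID_LEN = 20    # SHA-1 digest length
MIN_PARTIAL_LEN = 6  # shortest partial identifier RFC 3320 allows


class DecompressionFailure(Exception):
    pass


@dataclass(frozen=True)
class StateItem:
    state_length: int
    state_address: int
    state_instruction: int
    minimum_access_length: int
    state_value: bytes

    def identifier(self) -> bytes:
        # RFC 3320 9.4.9 as this author reads it: SHA-1 over the four 2-byte
        # header fields then state_value (retention priority is not hashed).
        header = b"".join(f.to_bytes(2, "big") for f in (
            self.state_length, self.state_address,
            self.state_instruction, self.minimum_access_length))
        return hashlib.sha1(header + self.state_value).digest()


class StateStore:
    """State table keyed by the full identifier, as the thread proposes."""

    def __init__(self) -> None:
        self.items: Dict[bytes, StateItem] = {}

    def insert(self, state_id: bytes, item: StateItem) -> None:
        if len(state_id) != STATE_ID_LEN:
            raise ValueError("state identifier must be 20 bytes")
        if not MIN_PARTIAL_LEN <= item.minimum_access_length <= STATE_ID_LEN:
            raise ValueError("minimum_access_length must be 6..20")
        self.items[state_id] = item

    def create(self, item: StateItem) -> bytes:
        """A STATE-CREATE request honoured at END-MESSAGE: hash and store."""
        state_id = item.identifier()
        self.insert(state_id, item)
        return state_id

    def access(self, partial_id: bytes) -> StateItem:
        """RFC 3320 6.2: exactly one item must start with the partial id
        and permit access at that length, otherwise decompression fails."""
        n = len(partial_id)
        if not MIN_PARTIAL_LEN <= n <= STATE_ID_LEN:
            raise DecompressionFailure(f"partial identifier length {n}")
        matches = [item for sid, item in self.items.items()
                   if sid[:n] == partial_id and n >= item.minimum_access_length]
        if len(matches) != 1:
            raise DecompressionFailure(f"{len(matches)} matching state items")
        return matches[0]


def truncated_key_lookup(store: StateStore, partial_id: bytes) -> Optional[StateItem]:
    """The behaviour the thread reports: keys hold only the first
    minimum_access_length bytes and are probed with the partial id as
    received, so a longer partial id can never hit."""
    table = {sid[:item.minimum_access_length]: item
             for sid, item in store.items.items()}
    return table.get(partial_id)


def access_fails(store: StateStore, partial_id: bytes) -> bool:
    try:
        store.access(partial_id)
    except DecompressionFailure:
        return True
    return False


def demo() -> Dict[str, bool]:
    """Replays the thread's scenario on constructed (not captured) items."""
    store = StateStore()
    value = b"SIP/2.0 200 OK\r\n"
    item = StateItem(len(value), 128, 0, 6, value)
    strict = StateItem(4, 256, 0, 8, b"Via:")  # minimum_access_length 8
    sid, sid8 = store.create(item), store.create(strict)
    # Hand-made identifiers sharing an 8-byte prefix exercise the ambiguity
    # rule; real identifiers are SHA-1 outputs and would not line up so.
    clash = StateStore()
    clash.insert(bytes(range(20)), item)
    clash.insert(bytes(range(8)) + bytes(12), strict)
    return {
        "old_code_6_bytes": truncated_key_lookup(store, sid[:6]) is item,
        "old_code_8_bytes_fails": truncated_key_lookup(store, sid[:8]) is None,
        "fixed_8_bytes": store.access(sid[:8]) is item,
        "fixed_20_bytes": store.access(sid) is item,
        "too_short_rejected": access_fails(store, sid[:5]),
        "below_min_access_rejected": access_fails(store, sid8[:6]),
        "at_min_access_ok": store.access(sid8[:8]) is strict,
        "ambiguous_rejected": access_fails(clash, bytes(range(8))),
        "longer_prefix_disambiguates": clash.access(bytes(range(9))) is item,
    }
```

demo() returns a dict in which every entry is True: the 6-byte lookup works in both versions, an 8-byte partial identifier misses the truncated-key table but matches under prefix comparison, and the three failure cases (too short, below the item's minimum_access_length, ambiguous) are rejected rather than silently resolved. A dissector that keys its hash table on the full identifier and scans for prefix matches pays a linear walk over stored items per access; for the handful of states a SigComp endpoint retains that is negligible, and it avoids the truncated-key bug the thread describes.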