Wireshark-dev: Re: [Wireshark-dev] Handling TCP packets reordering

From: Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
Date: Sat, 7 May 2011 12:26:31 +0200
On Wed, May 04, 2011 at 10:27:32PM +0200, Sake Blok wrote:
> On 4 mei 2011, at 22:11, Jeff Morriss wrote:
> > I would think desegment_tcp() should be able to handle this by not calling your dissector for an out-of-order segment: 
> it should be able to only call your dissector once it has a completely reassembled (desegmented) PDU.  
> Looking through the code, it's not immediately obvious to me what the problem is.
> 
> One case that can cause a problem is when the first segment of a PDU is received out-of-order.

Can we test when creating PDU if created PDU overlaps with another one?
Attaching PoC.
diff --git epan/dissectors/packet-tcp.c epan/dissectors/packet-tcp.c
index 58bbb5a..ad0648d 100644
--- epan/dissectors/packet-tcp.c
+++ epan/dissectors/packet-tcp.c
@@ -1940,6 +1940,19 @@ again:
             fragment_add(tvb, deseg_offset, pinfo, msp->first_frame,
                          tcp_fragment_table, 0, nxtseq - deseg_seq,
                          LT_SEQ(nxtseq, msp->nxtpdu));
+
+			/* check if we've already have PDU which overlaps with this one */
+			{
+				struct tcp_multisegment_pdu *msp2 = se_tree_lookup32_le(tcpd->fwd->multisegment_pdus, msp->nxtpdu);
+
+				/* msp2 should never be NULL */
+				if (msp2 != NULL && msp2 != msp) {
+					/* 
+					 * XXX, what can we do here? 
+					 */
+					g_warning("XXX, msp != msp2 (%u...%u %u)\n", msp->seq, msp->nxtpdu, msp2->seq);
+				}
+			}
         }
     }