Wireshark-dev: Re: [Wireshark-dev] Handling larger than 2 GB packets in dissectors

From: Markku Leiniö <markku@xxxxxx>
Date: Tue, 11 Jul 2023 09:25:07 +0300
On 10.7.2023 22.59, Guy Harris wrote:
> You would need to change Wireshark:
>
>   1) not to use negative offsets to mean "offset from the end of the packet" (I don't know whether that's used anywhere) and not to use a length of -1 as meaning "to the end of the tvbuff" (there are already "to the end of the tvbuff" APIs that should be used instead, although there may have to be more added) and not to use negative offsets or lengths for any other purposes;
>
>   2) to, having made the changes in 1), use 64-bit *unsigned* values as offsets within packets and lengths of packets.
>
> This would still require reassembling packets into single chunks within the address space.

Thanks for the comments. It sounds like I will check the message size in the dissector and then refrain from dissecting if the message is too large.

Markku Leiniö
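
The size check described in the reply above, as an added example that is not part of the original thread and not Wireshark code: a standalone C guard that rejects a message before any reassembly when it cannot be addressed with signed 32-bit offsets and lengths. The framing (an 8-byte big-endian body length at the start of each message) and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical framing (assumption, not from the thread): each message
 * starts with an 8-byte big-endian body length. */
#define HDR_LEN 8u

typedef enum {
    MSG_OK,          /* whole message is addressable; safe to dissect */
    MSG_NEED_MORE,   /* header or body not fully captured yet */
    MSG_TOO_LARGE    /* would not fit in a signed 32-bit offset/length */
} msg_verdict;

/* Read a 64-bit big-endian value without assuming alignment. */
static uint64_t read_be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Decide whether the message starting at `offset` in a buffer of
 * `captured` bytes can be dissected using signed 32-bit offsets.
 * All arithmetic is done in uint64_t, arranged so it cannot wrap. */
msg_verdict check_message(const uint8_t *buf, uint64_t captured,
                          uint64_t offset, uint64_t *body_len)
{
    const uint64_t max_pos = (uint64_t)INT32_MAX;

    if (offset > captured || captured - offset < HDR_LEN)
        return MSG_NEED_MORE;
    if (offset > max_pos - HDR_LEN)
        return MSG_TOO_LARGE;

    uint64_t len = read_be64(buf + offset);
    uint64_t body_start = offset + HDR_LEN;      /* <= INT32_MAX */

    /* Compare against the remaining room instead of computing
     * body_start + len, which could wrap for a hostile length. */
    if (len > max_pos - body_start)
        return MSG_TOO_LARGE;
    if (len > captured - body_start)
        return MSG_NEED_MORE;

    *body_len = len;
    return MSG_OK;
}
```

The oversize test runs before the "need more data" test, so a declared length beyond the limit is refused without waiting for, or buffering, the body.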