Wireshark mailing list archives
Bug-13388 - TCP level reassembly bug in 2.x ??
From: <david_aggeler () hispeed ch>
Date: Tue, 27 Mar 2018 17:42:08 +0200
I stepped through a DICOM capture multiple times, and the result is a little surprising. I've attached an analysis document to the bug and the minimal .pcapng to reproduce. To me, it looks like the re-assembly does not work anymore, when the TCP traffic has missing frames and retransmits. At DICOM dissector level I do a plain 'get more' pinfo->desegment_len = xxxxxx; return tvb_captured_length(tvb); The re-entry happens far too early (and not with the requested amount of bytes). So it's like its loosing track. Therefore I looked closer at versions affected. And 1.12.13 is o.k., while, 2.0.0 is not. To me the wrong decision happens at line Line 3077 (v2.5) in packet-tcp.c Basically, I'm missing one frame, but it still considers seq to be big enough. desegment_tcp() .. if (msp && msp->seq <= seq && msp->nxtpdu > seq) { .. But this area has not changed between 1.12 and 2.0, so its higher up. I did not managed to create a debug environment for 1.12 yet to narrow in, and don't understand packet-tcp well enough. Now my question * How good is 2.x supposed to be in TCP level reassembly in case of missing packets and retransmits? * Can anybody help? Regards David
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Bug-13388 - TCP level reassembly bug in 2.x ?? david_aggeler (Mar 27)
- Re: Bug-13388 - TCP level reassembly bug in 2.x ?? Graham Bloice (Mar 27)
- Re: Bug-13388 - TCP level reassembly bug in 2.x ?? Pascal Quantin (Mar 27)
- Re: Bug-13388 - TCP level reassembly bug in 2.x ?? Graham Bloice (Mar 27)