Bug-13388 - TCP level reassembly bug in 2.x ??

[<david_aggeler () hispeed ch>]

I stepped through a DICOM capture multiple times, and the result is a little
surprising. 

I've attached an analysis document to the bug and the minimal .pcapng to
reproduce.

 

To me, it looks like the re-assembly does not work anymore, when the TCP
traffic has missing frames and retransmits.

 

At DICOM dissector level I do a plain 'get more'

 

pinfo->desegment_len = xxxxxx;

return tvb_captured_length(tvb);

 

The re-entry happens far too early (and not with the requested amount of
bytes). So it's like its loosing track.

 

Therefore I looked closer at versions affected. And 1.12.13 is o.k., while,
2.0.0 is not. 

To me the wrong decision happens at line Line 3077 (v2.5) in packet-tcp.c

Basically, I'm missing one frame, but it still considers seq to be big
enough.

 

desegment_tcp()

..

if (msp && msp->seq <= seq && msp->nxtpdu > seq) {

..

 

 

But this area has not changed between 1.12 and 2.0, so its higher up. I did
not managed to create a debug environment for 1.12 yet to narrow in, and
don't understand packet-tcp well enough.

 

Now my question

 

*       How good is 2.x supposed to be in TCP level reassembly in case of
missing packets and retransmits?
*       Can anybody help?

 

Regards

David

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe