Wireshark mailing list archives
Enabling TCP Out-of-Order reassembly by default
From: Peter Wu <peter () lekensteyn nl>
Date: Sun, 3 Jun 2018 19:30:12 +0200
Hi, A long standing issue is that the TCP dissector is unable to reassemble out-of-order segments, resulting in missing HTTP objects and breaking TLS decryption (among other things). In order to tackle this, I wrote a patch to buffer segments until all missing segments are found: https://code.wireshark.org/review/27943 (Reviews are welcome, especially for the User's Guide changes and the idea itself.) This behavior is currently disabled by default and put behind an additional preference. I was wondering though if you would be okay with enabling correct out-of-order handling by default. I could also make it depend on the "Allow subdissector to reassemble TCP streams" preference if desired. Then users who are only doing TCP analysis do not have to disable an additional preference. -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Enabling TCP Out-of-Order reassembly by default Peter Wu (Jun 03)
- Re: Enabling TCP Out-of-Order reassembly by default Guy Harris (Jun 03)
- Re: Enabling TCP Out-of-Order reassembly by default Peter Wu (Jun 03)
- Re: Enabling TCP Out-of-Order reassembly by default Guy Harris (Jun 03)