Wireshark-bugs: [Wireshark-bugs] [Bug 1124] New: Application level protocol PDUs not dissected p
Date: Mon, 25 Sep 2006 05:46:34 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1124

           Summary: Application level protocol PDUs not dissected properly
                    if minimal header broken across packets
           Product: Wireshark
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jhoger@xxxxxxxxx


Problem:

Application level protocol PDUs are not dissected properly if the minimal
header is broken across packets.
Using tcp_dissect_pdus I have been having issues with improper
dissection of application level protocol PDUs with my proprietary
protocol.

So that this problem can be efficiently debugged, I have reproduced
the issue against a BitTorrent peer.

Problem:
tcp_dissect_pdus is used by many dissectors to extract PDUs from the
arbitrarily fragmented TCP stream. It is provided a "PDU measure"
callback routine and a minimum length prefix of the packet required to
determine the length of the entire PDU. The PDU measure routine is
only called if sufficient bytes (the minimum length prefix) can be
provided.

I have discovered that BitTorrent, and likely all dissectors that use
tcp_dissect_pdus, are broken in the case that the minimum length prefix
is broken across TCP segments.

I do not know if the problem is directly related to tcp_dissect_pdus
or is a more general problem with desegmentation.

I will attach a capture file I used which demonstrates the bug.


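The framing contract described in the report (a "PDU measure" callback that is only called once the minimum length prefix is available) can be modelled in a few lines. This is an added example, not Wireshark's code and not code from the reporter; it assumes a 4-byte big-endian length prefix as used by BitTorrent peer messages, and the names `framer_t`, `framer_feed`, `measure_pdu`, `count_pdus` and the 4096-byte cap are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define HDR_LEN 4u     /* assumed minimum prefix: 4-byte big-endian body length */
#define BUF_MAX 4096u  /* assumed cap on one PDU (header + body) */

typedef struct { uint8_t buf[BUF_MAX]; size_t have, pdus; } framer_t;

/* "PDU measure" callback: must only be called with HDR_LEN bytes present.
 * Returns the total PDU length, or 0 if the claimed length exceeds the cap. */
static size_t measure_pdu(const uint8_t *hdr)
{
    uint32_t body = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                    ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    if (body > BUF_MAX - HDR_LEN) return 0;
    return HDR_LEN + (size_t)body;
}

/* Feed one TCP segment payload; returns 0, or -1 on an oversized length claim. */
static int framer_feed(framer_t *f, const uint8_t *seg, size_t len)
{
    while (len > 0) {
        size_t want = HDR_LEN;  /* until the prefix is whole, buffer only that */
        if (f->have >= HDR_LEN && (want = measure_pdu(f->buf)) == 0) return -1;
        size_t take = want - f->have;
        if (take > len) take = len;
        memcpy(f->buf + f->have, seg, take);
        f->have += take; seg += take; len -= take;
        if (f->have >= HDR_LEN) {          /* prefix complete: safe to measure */
            size_t total = measure_pdu(f->buf);
            if (total == 0) return -1;
            if (f->have == total) { f->pdus++; f->have = 0; }  /* PDU done */
        }
    }
    return 0;
}

/* Constructed sample stream: 5-byte body, empty body (keep-alive), 1-byte body. */
static const uint8_t SAMPLE[] = {0,0,0,5,'h','e','l','l','o', 0,0,0,0, 0,0,0,1,7};

/* Cut SAMPLE into seg_size-byte segments and count the PDUs recovered. */
static long count_pdus(size_t seg_size)
{
    framer_t f; memset(&f, 0, sizeof f);
    if (seg_size == 0) return -1;
    for (size_t off = 0; off < sizeof SAMPLE; off += seg_size) {
        size_t n = sizeof SAMPLE - off < seg_size ? sizeof SAMPLE - off : seg_size;
        if (framer_feed(&f, SAMPLE + off, n) != 0) return -1;
    }
    return (long)f.pdus;
}

int main(void) { return count_pdus(2) == 3 ? 0 : 1; }
```

Segment sizes 1, 2 and 3 all split at least one length prefix across segments, so a correct framer must return the same PDU count as when the stream arrives in one piece.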