Wireshark-bugs: [Wireshark-bugs] [Bug 1698] New: Desegment Chunked HTTP Bodies
Date: Thu, 19 Jul 2007 22:00:12 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1698

           Summary: Desegment Chunked HTTP Bodies
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxxx


Build Information:
n/a
--
Enclosed is a patch which fixes problems with the desegmentation of chunked HTTP
message bodies.

The problem occurs with the current source because the TCP desegmentation code
appears to obey literally the response asking for "one more byte" that the HTTP
dissector was returning.

Using the enclosed trace the HTTP dissector receives frame 10 with a tvbuff of
912 bytes. Since it could not fully dissect the body it asks for one more byte.

The next call to the HTTP dissector is with frame 12 and a tvbuff of 913 bytes.
This is exactly the 1 more that was previously requested. However, the rest of
the data in frame 12 is not available in the tvbuff. The one additional byte is
not enough to satisfy req_resp_hdrs_do_reassembly() so it requests two more
bytes.

The request is ignored and the 2 bytes are never provided. The next time that
the HTTP dissector is called it is with a new tvbuff containing the remainder
of the bytes from frame 12 and eventually the bytes from frame 14 as well.

Changing the value of pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT rather
than the current 1 or 2 seems to make everything work. (I'm kind of confused as
to why the headers reassembly code already used DESEGMENT_ONE_MORE_SEGMENT and
the body reassembly code did not).

Incidentally, is the comment in epan/packet_info.h regarding
DESEGMENT_ONE_MORE_SEGMENT not being fully implemented still true?


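The report above turns on what a dissector can ask for when a chunked body stops mid-buffer. The stand-alone sketch below is an added example, not Wireshark code and not the enclosed patch. It scans a chunked body and shows that every truncation case ends in "give me another segment" rather than a byte count, because the sizes of later chunks are not known yet. The names chunked_body_len, NEED_MORE_SEGMENT and MALFORMED are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical result codes for this sketch; not Wireshark's constants. */
#define NEED_MORE_SEGMENT (-1L) /* body incomplete, remaining length unknown */
#define MALFORMED         (-2L)

/* Index of the next CRLF at or after off, or -1 if the buffer ends first. */
static long find_crlf(const unsigned char *buf, size_t len, size_t off)
{
    for (size_t i = off; i + 1 < len; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n') return (long)i;
    return -1;
}

/* Length of the complete chunked body at buf, or one of the codes above. */
long chunked_body_len(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    for (;;) {
        long eol = find_crlf(buf, len, off);
        if (eol < 0) return NEED_MORE_SEGMENT; /* size line cut: no count known */
        size_t size = 0, i = off;
        for (; i < (size_t)eol; i++) {         /* hex chunk size */
            int c = buf[i] | 0x20, v;
            if (buf[i] >= '0' && buf[i] <= '9') v = buf[i] - '0';
            else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
            else break;
            if (size > (SIZE_MAX >> 4)) return MALFORMED; /* overflow guard */
            size = (size << 4) | (size_t)v;
        }
        /* Reject a line with no digits, or junk that is not a chunk extension. */
        if (i == off || (i < (size_t)eol && buf[i] != ';')) return MALFORMED;
        off = (size_t)eol + 2;
        if (size == 0) { /* last chunk: skip trailer lines up to the empty line */
            for (;;) {
                long t = find_crlf(buf, len, off);
                if (t < 0) return NEED_MORE_SEGMENT;
                int empty = ((size_t)t == off);
                off = (size_t)t + 2;
                if (empty) return (long)off;
            }
        }
        /* Data or its CRLF is cut; later chunk sizes are still unknown. */
        if (size > len - off || len - off - size < 2) return NEED_MORE_SEGMENT;
        if (buf[off + size] != '\r' || buf[off + size + 1] != '\n')
            return MALFORMED;
        off += size + 2;
    }
}
```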