Wireshark-bugs: [Wireshark-bugs] [Bug 1722] New: TCP reassembly missing payload of FIN packet, w
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1722
Summary: TCP reassembly missing payload of FIN packet, when
DESEGMENT_UNTIL_FIN is set
Product: Wireshark
Version: 0.99.6
Platform: All
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: sunyin51@xxxxxxxxx
Build Information:
Version 0.99.6
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.8.10, with GLib 2.8.5, with libpcap 0.9.4, with libz
1.2.3,
with libpcre 6.4, without Net-SNMP, without ADNS, without Lua, with GnuTLS
1.2.10, with Gcrypt 1.2.2, with MIT Kerberos, without PortAudio, without
AirPcap.
Running on Linux 2.6.16.27-0.9-smp, with libpcap version 0.9.4.
Built using gcc 4.1.0 (SUSE Linux).
--
TCP reassembly missing payload of FIN packet, when DESEGMENT_UNTIL_FIN is set.
When a subdissector on top of TCP sets

    if (pinfo->can_desegment) {
        pinfo->desegment_len = DESEGMENT_UNTIL_FIN;
        return;
    }

then the subdissector should receive the whole reassembled TCP stream in tvb.
But the bug is that it is missing the last payload from the FIN packet. Yes, a
FIN packet may contain some data.
Is this by design, or by mistake?
Suggested fix:
Inside packet-tcp.c, function dissect_tcp, around line 2899,
inside of

    if( (tcph->th_flags & TH_FIN)
         && (tcpd->fwd->flags&TCP_FLOW_REASSEMBLE_UNTIL_FIN) ){

then inside of

    if(msp){
        ipfd_head = fragment_add(tvb, offset, pinfo, msp->first_frame,
                                 tcp_fragment_table,
                                 tcph->th_seq - msp->seq,
                                 tcph->th_seglen,
                                 FALSE );

then inside of

    if(ipfd_head){
        next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen,
                                     ipfd_head->datalen);

-------------- patch snippet -------------
@@ -2897,10 +2890,10 @@
if(msp){
fragment_data *ipfd_head;
- ipfd_head = fragment_add(tvb, offset-1, pinfo, msp->first_frame,
+ ipfd_head = fragment_add(tvb, offset, pinfo, msp->first_frame,
tcp_fragment_table,
tcph->th_seq - msp->seq,
- 1,
+ tcph->th_seglen,
FALSE );
if(ipfd_head){
tvbuff_t *next_tvb;
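Review bot: in the fragment_add() call, passing tcph->th_seglen as the length means a FIN segment with no payload now adds a zero-length fragment, where the old call always added one dummy byte (offset-1, length 1). Please confirm that reassembly still completes for a bare FIN, or keep the dummy-byte path when th_seglen is 0 and add the payload only when it is non-zero. The code that sizes the pending msp is not in this hunk, so it is also worth checking that its expected length no longer counts the dummy byte.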
@@ -2908,7 +2901,7 @@
/* create a new TVB structure for desegmented data
* datalen-1 to strip the dummy FIN byte off
*/
- next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen-1,
ipfd_head->datalen-1);
+ next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen,
ipfd_head->datalen);
/* add this tvb as a child to the original one */
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
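Review bot: the comment above tvb_new_real_data() still reads "datalen-1 to strip the dummy FIN byte off", but the new call passes ipfd_head->datalen unchanged, so the comment now contradicts the code; update or remove it. The continuation line "ipfd_head->datalen-1);" also has no "-" marker and the added continuation has no "+", so the hunk will not apply as posted; please regenerate the diff without mail line-wrapping.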
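The behaviour described in the report, as an added example that is not part of the original post and is not Wireshark code: a toy "reassemble until FIN" buffer in which the FIN segment either only terminates the stream or also contributes its payload. All names (toy_seg, toy_stream, toy_add, toy_demo) and the sample segments are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define TOY_TH_FIN 0x01   /* flag bit used by this sketch only */
#define TOY_MAX    256

struct toy_seg { uint32_t rel_seq; uint8_t flags; const char *data; size_t len; };
struct toy_stream {
    uint8_t buf[TOY_MAX];
    uint8_t have[TOY_MAX];   /* per-byte received map, tolerates reordering */
    size_t  end;             /* stream length, known once FIN is seen */
    int     fin_seen;
};

/* Add one segment. keep_fin_data=0 models the reported behaviour (the FIN
 * segment only ends the stream); keep_fin_data=1 models the suggested fix.
 * Returns the reassembled length once complete, 0 while bytes are missing,
 * -1 if the segment does not fit the buffer. */
long toy_add(struct toy_stream *s, const struct toy_seg *g, int keep_fin_data)
{
    int is_fin = (g->flags & TOY_TH_FIN) != 0;
    size_t copy = (is_fin && !keep_fin_data) ? 0 : g->len;
    if (g->rel_seq > TOY_MAX || g->len > TOY_MAX - g->rel_seq)
        return -1;                       /* bounds check before writing */
    if (copy) {
        memcpy(s->buf + g->rel_seq, g->data, copy);
        memset(s->have + g->rel_seq, 1, copy);
    }
    if (is_fin) { s->fin_seen = 1; s->end = g->rel_seq + copy; }
    if (!s->fin_seen) return 0;
    for (size_t i = 0; i < s->end; i++)
        if (!s->have[i]) return 0;       /* hole: wait for the missing segment */
    return (long)s->end;
}

/* Constructed three-segment stream, delivered out of order; the FIN carries data. */
long toy_demo(int keep_fin_data, char *out)
{
    static const struct toy_seg segs[] = {
        { 6, 0, " HTTP", 5 }, { 0, 0, "GET /a", 6 }, { 11, TOY_TH_FIN, "/1.0", 4 },
    };
    struct toy_stream s = {0};
    long n = 0;
    for (size_t i = 0; i < 3; i++)
        n = toy_add(&s, &segs[i], keep_fin_data);
    memcpy(out, s.buf, (size_t)n);
    out[n] = '\0';
    return n;
}

int main(void) { char out[TOY_MAX + 1]; return toy_demo(1, out) == 15 ? 0 : 1; }
```

With keep_fin_data=0 the consumer sees a stream that is complete by sequence accounting but is missing the final bytes, which is the truncation the report describes.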