Wireshark-bugs: [Wireshark-bugs] [Bug 2153] Bugs in the RTMP(T) decoder
Date: Sat, 9 Feb 2008 16:41:09 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2153





--- Comment #3 from metatech <metatech@xxxxxxxxxxxxx>  2008-02-09 16:41:06 GMT ---
Sorry for the late reply but I have very little time to investigate further the
problem and provide a fix.
Mark sent me a capture file which shows the problem is even worse than I
thought because the RTMP protocol is even more flexible.
A PDU can be split into "chunks" of 128 bytes, each one with a "one byte
header" used as a separator between the chunks of the same PDU (typically 0xC2
or 0xC3 or ...).
It turns out that chunks of different PDU can also be interleaved, which is
even more complicated to decode, so you can have :
Chunk 1 of PDU 1 (for instance INVOKE)
Chunk 1 of PDU 2 (for instance AUDIO)
Chunk 2 of PDU 1 (for instance INVOKE)
...
The dissector in its current state definitely cannot handle that, and this
would require a major change to support that.
Unfortunately I do not have time for this for the moment, and as I said, I only
wrote the dissector based on the RTMP streams that I viewed on the web, and I
am certainly lacking of the big picture on this protocol.
I hope that the dissector can still prove useful in its current state for some
people... if not, and if is causing too much trouble, maybe it can be
(temporarily ?) removed from Wireshark until someone *really knowledgeable* in
the RTMP protocol digs into it.




-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.