Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 2345] New: setting src/ dst in an encapsulated proto breaks reassembling of TC

Wireshark-bugs: [Wireshark-bugs] [Bug 2345] New: setting src/ dst in an encapsulated proto break

Date: Mon, 10 Mar 2008 14:29:58 +0000 (GMT)

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2345

           Summary: setting src/dst in an encapsulated proto breaks
                    reassembling of TCP
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxx


Created an attachment (id=1530)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1530)
trace file of TIPC-over-TCP (port 666) which can be dissected after applying
the patch attached to Bug 2335

Build Information:
wireshark 0.99.9 (SVN Rev 24583)
--
I am currently developing the encapsulation of TIPC in TCP. I updated the
Wireshark dissector to reassemble the packages segmented over multiple TCP
messages (bug #2335).

Now I figured out that setting the src and/or dst of the pinfo structure by
doing "SET_ADDRESS(&pinfo->src, AT_TIPC, 4, src_addr);" in the subdissector
breaks the reassembly of messages also starting (but not ending) in the very
same TCP packet. This is because the reassembly code uses the src and dst of
the pinfo structure as key to find the matching segments of the encapsulated
message.

I am attaching a trace file of TIPC-over-TCP demonstrating this. Before it can
be dissected at all, the patch in attachment #1523 of bug #2335 has to be
applied and then the TCP port in the preferences has to be set to 666.

Sample packages look like this:

##########################################
#  TCP packet 1     # TIPC message 1     #
#                   #                    #
#                   #                    #
#                   #                    #
#                   # (sets pinfo->src)  #
#                   #                    #
#                   #                    #
#                   ######################
#                   # TIPC message 2     #
#                   # part 1/2           #
##########################################
This package is dissected as "TIPC message 1".

##########################################
#  TCP packet 2     # TIPC message 2     #
#                   # part 2/2           #
#                   #                    #
# (sets pinfo->src) #                    #
#                   #                    #
#                   #                    #
#                   #                    #
##########################################
This package is shown to be a "[TCP segment of a reassembled PDU]". TIPC
message 2 is not reassembled as pinfo->src (and pinfo->dst) of the two packets
do not match.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Wireshark-bugs] [Bug 2345] setting src/ dst in an encapsulated proto breaks reassembling of TCP
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 2345] setting src/ dst in an encapsulated proto breaks reassembling of TCP
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 2344] New: Real Time Messaging Protocol packet dissection bug
Next by Date: [Wireshark-bugs] [Bug 2328] Wireshark crashes when trying PDML EXPORT (with protocol UNISTIM )
Previous by thread: [Wireshark-bugs] [Bug 2344] Real Time Messaging Protocol packet dissection bug
Next by thread: [Wireshark-bugs] [Bug 2345] setting src/ dst in an encapsulated proto breaks reassembling of TCP
Index(es):
- Date
- Thread