Wireshark-bugs: [Wireshark-bugs] [Bug 3263] New: Patch: TCP reassembly: no fragment tree when us
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3263
Summary: Patch: TCP reassembly: no fragment tree when using
DESEGMENT_UNTIL_FIN
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: rocket@xxxxxxxxxxxxxx
Created an attachment (id=2752)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2752)
Patch to packet-tcp.c to display the fragment tree when using
DESEGMENT_UNTIL_FIN
Build Information:
wireshark 1.1.3-cadams-mgsft-ldss-1 (SVN Rev 27462)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.14.7, with GLib 2.18.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.6.4, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 16 2009), with
AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, GnuTLS 2.6.4,
Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 21022
--
Not many dissectors use DESEGMENT_UNTIL_FIN; it seems only HTTP uses it, and
only when there's no Content-Length header.
I've been using DESEGMENT_UNTIL_FIN in a dissector I'm updating (LDSS). The
dissector needs to cope with early termination of connections, where less data
is transferred than expected.
Right now with DESEGMENT_UNTIL_FIN, the TCP dissector doesn't display the
fragment tree (the "Reassembled TCP segments" with links to the frames that
were reassembled).
Attached is one possible patch to packet-tcp.c to display the fragment tree.
Because DESEGMENT_UNTIL_FIN dissects the FIN packet as the high-level PDU, the
fragment tree also contains the FIN packet. It has 0 bytes of PDU data. Ugly
but logical..
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.