Wireshark-bugs: [Wireshark-bugs] [Bug 5983] New: DTLS fragment reassemble failure
Date: Wed, 1 Jun 2011 16:18:19 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5983

           Summary: DTLS fragment reassemble failure
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: michaelc@xxxxxxxxxxxxxxx


Created an attachment (id=6440)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6440)
Failed to reassemble packet #5 into server handshake message.

Build Information:
Version 1.7.0 (SVN Rev 37381 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3,
with
Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
May
24 2011), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The attached pcap was captured with these two OpenSSL client server handshake
while using a rather large certificate (e.g. 2048-bit RSA or SHA-256
signature):

Server (openssl-0.9.8r on Linux):
  openssl s_server -dtls1 -CAfile cacert.pem -cert 6084.pem -no_dhe

Client (openssl-0.9.8r on Windows):
  openssl s_client -CAfile cacert.pem -cert 5062.pem -dtls1 -connect
10.0.2.15:4433 -debug

Packet #4 contains 2 server handshake messages, Server_Hello and
Server_Certificate, and due to its size, the latter was fragmented and the
second half of which was sent in packet #5. The Wireshark DTLS dissector failed
to reassemble it.  My guess is it is not able to look past Server_Hello.

Sending multiple DTLS records in a single UDP packet is quite normal as shown
in this OpenSSL exercise.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.