Wireshark-bugs: [Wireshark-bugs] [Bug 5117] tcp_dissect_pdus: Possible bug related to appending
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5117
David Ameiss <dameiss@xxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dameiss@xxxxxxxxxx
--- Comment #2 from David Ameiss <dameiss@xxxxxxxxxx> 2012-11-01 08:50:48 PDT ---
I've run into this same situation recently with Wireshark 1.8.2. Using my
company's dissector, with a 3-frame capture:
- Frame 1 is a TCP packet containing 17 PDUs, with the beginning of the 18th
PDU
- Frame 2 is an ACK
- Frame 3 is a TCP packet containing the rest of the 18th PDU from frame 1,
plus an additional 17 PDUs
Our dissector sets the protocol column, sets the INFO column with some basic
info, then adds to the INFO column a short description of each PDU. Once we
recognize that the PDU is ours, and is the first PDU in the frame, the PROTOCOL
column is set, the INFO column is set, then the INFO column is fenced so
subsequent PDU dissections can add to it.
If I start Wireshark and load the 3-frame file, the first frame shows the
normal TCP stuff for PROTOCOL and INFO, and frame 3 shows only a single PDU
description. If I close the file then re-open it, suddenly frame 1 is displayed
correctly, though frame 3 still shows only 1 of the 18 PDU descriptions.
I put a breakpoint in desegment_tcp at the point the columns are set
non-writeable, and at the point they are set writeable. I need to do more
testing, but what I saw was it was set non-writeable on the first frame, then
when the file was re-loaded it was set writeable.
As I said, I obviously have to do more testing. But at least as of 1.8.2, this
particular issue still exists.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.