Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9303] some DCERPC fragment are not identify leading to corrupted RPC payload

Wireshark-bugs: [Wireshark-bugs] [Bug 9303] some DCERPC fragment are not identify leading to cor

Date: Tue, 05 Nov 2013 15:04:13 +0000

Comment # 15 on bug 9303 from Anders Broman

(In reply to comment #14)
> (In reply to comment #12)
> > What about changing it to a Gslist with the protocol handles or proto id
> > prepended that is always built? The string could be constructed from the
> > list of handles/ids when needed and possibly saved.
> 
> That's definitely a possibility - I don't know if it would be faster than
> building the string directly though. I'm honestly a bit surprised how
> significant to performance that ended up being, so I'm wondering if there's
> some other path it's triggering that isn't obvious... 
> 
> (In reply to comment #13)
> > The GSlist should be in frame data.
> 
> Why? We'd have to clear it whenever preferences changed anyways, and we have
> no use for it between dissections.

It could be used before doing dissection as a "pre-filter" if the filter is
sip.xxx we could skip all frames without sip on the second pass. I'm not sure
if there is any traps here, like filters not connected to a protocol in the
frame.

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 9132] wireshark nightly crashes analyzing rtp for phone call
Next by Date: [Wireshark-bugs] [Bug 9384] Support for Alactel-Lucent 8950 AAA
Previous by thread: [Wireshark-bugs] [Bug 9303] some DCERPC fragment are not identify leading to corrupted RPC payload
Next by thread: [Wireshark-bugs] [Bug 9303] some DCERPC fragment are not identify leading to corrupted RPC payload
Index(es):
- Date
- Thread