Wireshark-bugs: [Wireshark-bugs] [Bug 11173] HTTP2 dissector decodes first SSL record only
Comment # 9
on bug 11173
from Peter Wu
Here is a diff of the backtraces in packet 51 of test.pcap
--- test.pcap frame 51 - first record
+++ test.pcap frame 51 - last (fragmented) record
#0 fragment_add (table=table@entry=0x7ffff67e98e0 <ssl_reassembly_table>,
- tvb=tvb@entry=0x6060000c5960,
- offset=offset@entry=60,
+ tvb=tvb@entry=0x6060000c4820,
+ offset=offset@entry=1053,
pinfo=pinfo@entry=0x61300000db18,
id=51, data="" frag_offset=0,
- frag_data_len=1340,
+ frag_data_len=347,
more_frags=1
) at epan/reassemble.c:1393
#1 0x00007fffeca371ce in desegment_ssl (
- tvb=tvb@entry=0x6060000c5960,
+ tvb=tvb@entry=0x6060000c4820,
pinfo=pinfo@entry=0x61300000db18,
- offset=offset@entry=0,
- seq=18183,
+ offset=1053, offset@entry=0,
+ seq=34636,
nxtseq=<optimized out>, session=session@entry=0x7fffd641b368,
root_tree=0x60400004e3d0, tree=0x7fffd621dea0, flow=0x7fffd641c7f0
) at epan/dissectors/packet-ssl.c:1225
#2 0x00007fffeca37a7a in dissect_ssl_payload (tvb=tvb@entry=0x6070002bea90,
pinfo=pinfo@entry=0x61300000db18,
- offset=offset@entry=5,
+ offset=offset@entry=15724,
tree=tree@entry=0x7fffd621dea0, session=session@entry=0x7fffd641b368
) at epan/dissectors/packet-ssl.c:1380
#3 0x00007fffeca397be in dissect_ssl3_record (tvb=tvb@entry=0x6070002bea90,
pinfo=pinfo@entry=0x61300000db18,
tree=tree@entry=0x7fffd621dea0,
- offset=5,
- offset@entry=0,
+ offset=15724,
+ offset@entry=15719,
session=session@entry=0x7fffd641b368,
is_from_server=is_from_server@entry=1,
need_desegmentation=0x7fffffffb4e0,
ssl=0x7fffd641b0c0,
- first_record_in_frame=1
+ first_record_in_frame=0
) at epan/dissectors/packet-ssl.c:1736
#4 0x00007fffeca3a31a in dissect_ssl (tvb=0x6070002bea90,
pinfo=0x61300000db18, tree=<optimized out>, data="" out>
) at epan/dissectors/packet-ssl.c:755
#5 0x00007fffebc60a69 in call_dissector_through_handle (
handle=handle@entry=0x7fffd8985e50, tvb=tvb@entry=0x6070002bea90,
pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400004e3d0,
data=""
) at epan/packet.c:618
Possibly noteworthy is that the last full frame has more_frags=0 (and
desegment_ssl operates on the decrypted payload). I think that the problem is
related to bug 3303.
You are receiving this mail because:
- You are watching all bug changes.