Wireshark-bugs: [Wireshark-bugs] [Bug 12882] TCP packets sometimes are incorrectly parsed as TDS
Comment # 9
on bug 12882
from Guy Harris
(In reply to Michael Mann from comment #8)
> (In reply to Gerrit Code Review from comment #7)
> > Change 19125 had a related patch set uploaded by Michael Mann:
> > [TDS] Convert to using tcp_dissect_pdus.
> >
> > https://code.wireshark.org/review/19125
>
> As the commit message states, this was an excuse to get rid of
> conversation_set_dissector that IMO was the problem here. I think the
> heuristic was a bit too far reaching in trying to find a TDS packet. Most
> TCP dissectors that have a heuristic function just do their checks and then
> call the dissection function (without conversation_set_dissector), so I made
> the TDS dissector match that. Preferences or Decode As should be good
> enough like it is with most dissectors.
If you have a protocol that runs over a byte-stream protocol, either

1) you can't use heuristics (because the heuristics will try to identify
packets by looking at the beginning of the packet, but data from the *middle*
of the packet won't match, so reassembly won't see anything but the first bit
of the packet)

or

2) you have to, once you've heuristically matched a packet, force all
subsequent packets to be handed to the same dissector.

If there are TCP dissectors that do reassembly, use a heuristic, and don't use
conversation_set_dissector(), there can be cases where the reassembly will
fail, so those dissectors are buggy.
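
The two cases described in the comment above, as a small stand-alone model. This is an added example, not Wireshark code and not part of the original message. The toy protocol (magic byte 0x7E, one length byte, payload), the sample segments and every function name are constructed for illustration; pin_on_match stands in for binding the conversation to the dissector after the first heuristic hit.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed toy protocol: PDU = magic 0x7E, length byte (whole PDU), payload. */
struct seg { const unsigned char *data; size_t len; };
struct conv { int pinned; size_t have, need; int pdus; }; /* per-conversation state */

/* One 10-byte PDU and one 3-byte PDU, cut at arbitrary TCP segment boundaries. */
static const unsigned char S1[] = {0x7E, 0x0A, 'A', 'B'};
static const unsigned char S2[] = {'C', 'D', 'E', 'F'};
static const unsigned char S3[] = {'G', 'H', 0x7E, 0x03, 'I'};
static const struct seg SEGS[] = {{S1, sizeof S1}, {S2, sizeof S2}, {S3, sizeof S3}};

/* Heuristic: can only recognise a segment that starts at a PDU boundary. */
static int heur_match(const struct seg *s) {
    return s->len >= 2 && s->data[0] == 0x7E && s->data[1] >= 2;
}

/* Reassembling dissector: buffers bytes and counts each completed PDU. */
static void dissect(struct conv *c, const struct seg *s) {
    for (size_t i = 0; i < s->len; i++) {
        /* second byte is the length; clamp malformed values to the 2-byte header */
        if (c->have == 1) c->need = s->data[i] < 2 ? 2 : s->data[i];
        c->have++;
        if (c->have >= 2 && c->have == c->need) { c->pdus++; c->have = c->need = 0; }
    }
}

/* Feed all segments of one conversation; pin_on_match models option 2. */
static int run(const struct seg *segs, size_t n, int pin_on_match) {
    struct conv c = {0, 0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        if (c.pinned || heur_match(&segs[i])) {
            if (pin_on_match) c.pinned = 1;
            dissect(&c, &segs[i]);
        } /* else: the segment is never handed to this dissector */
    }
    return c.pdus;
}

int main(void) {
    printf("heuristic only:   %d complete PDUs\n", run(SEGS, 3, 0));
    printf("pinned after hit: %d complete PDUs\n", run(SEGS, 3, 1));
    return 0;
}
```

With the heuristic alone, only the first segment reaches the dissector and neither PDU is ever completed; with the conversation pinned, both are reassembled.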