Wireshark-bugs: [Wireshark-bugs] [Bug 12882] TCP packets sometimes are incorrectly parsed as TDS
Date: Wed, 07 Dec 2016 02:31:08 +0000

Comment # 9 on bug 12882 from
(In reply to Michael Mann from comment #8)
> (In reply to Gerrit Code Review from comment #7)
> > Change 19125 had a related patch set uploaded by Michael Mann:
> > [TDS] Convert to using tcp_dissect_pdus.
> > 
> > https://code.wireshark.org/review/19125
> 
> As the commit message states, this was an excuse to get rid of
> conversation_set_dissector that IMO was the problem here.  I think the
> heuristic was a bit too far reaching in trying to find a TDS packet.  Most
> TCP dissectors that have a heuristic function just do their checks and then
> call the dissection function (without conversation_set_dissector), so I made
> the TDS dissector match that.  Preferences or Decode As should be good
> enough like it is with most dissectors.

If you have a protocol that runs over a byte-stream protocol, either

    1) you can't use heuristics (because the heuristics will try to identify
packets by looking at the beginning of the packet, but data from the *middle*
of the packet won't match, so reassembly won't see anything but the first bit
of the packet)

or

    2) you have to, once you've heuristically matched a packet, force all
subsequent packets to be handed to the same dissector.

If there are TCP dissectors that do reassembly, use a heuristic, and don't use
conversation_set_dissector(), there can be cases where the reassembly will
fail, so those dissectors are buggy.


You are receiving this mail because:
  • You are watching all bug changes.