Wireshark-dev: [Wireshark-dev] reassembly, addresses, hash calculation
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Martin Kaiser <lists@xxxxxxxxx>
Date: Sun, 5 Oct 2014 12:56:33 +0200
Hi,

when I looked at bug 10505, I noticed the following code in
packet-mp2t.c

    /* It's possible that a fragment in the same packet set an address already
     * This will change the hash value, we need to make sure it's NULL */

    SET_ADDRESS_HF(&pinfo->src, AT_NONE, 0, NULL, 0);
    SET_ADDRESS_HF(&pinfo->dst, AT_NONE, 0, NULL, 0);

    [...]
    frag_msg = fragment_add_check(&mp2t_reassembly_table,
            tvb, offset, pinfo, frag_id, NULL,
            [...]


Is it really necessary to clear the addresses here in order to make
reassembly work correctly?

Without looking at the reassembly mechanism, I'd say that lower-layer
addresses should be taken into account and mpeg ts packets from
different src/dst addresses shouldn't be reassembled.

mp2t_reassembly_table is initialized with
addresses_reassembly_table_functions. One of these is
fragment_addresses_hash(), which doesn't use the addresses at all.
However, the comparison and key creation functions do use src and dst
addresses...

I'm still tempted to remove the lines where the addresses are cleared.

Thoughts?