I stepped through a DICOM capture multiple times, and the result is a little
surprising.
I've attached an analysis document to the bug and the minimal .pcapng to
reproduce.
To me, it looks like the re-assembly does not work anymore when the TCP
traffic has missing frames and retransmits.
At DICOM dissector level I do a plain 'get more':

    pinfo->desegment_len = xxxxxx;
    return tvb_captured_length(tvb);

The re-entry happens far too early (and not with the requested amount of
bytes). So it's like it's losing track.
Therefore I looked closer at versions affected. And 1.12.13 is o.k., while
2.0.0 is not.
To me the wrong decision happens at line 3077 (v2.5) in packet-tcp.c.
Basically, I'm missing one frame, but it still considers seq to be big
enough.

    desegment_tcp()
    ..
    if (msp && msp->seq <= seq && msp->nxtpdu > seq) {
    ..

But this area has not changed between 1.12 and 2.0, so it's higher up. I did
not manage to create a debug environment for 1.12 yet to narrow in, and
don't understand packet-tcp well enough.
Now my questions:
* How good is 2.x supposed to be in TCP level reassembly in case of
missing packets and retransmits?
* Can anybody help?
Regards
David
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
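
The condition quoted in the message tests only whether seq lies inside the PDU's range, not whether the bytes before it have been collected. The block below is an added example, not code from the post or from Wireshark: a hypothetical model (struct msp_model, next_expected, classify and the trace values are assumptions constructed here) that replays a capture with one missing frame and a later retransmit, and shows the range test accepting a segment that a contiguity check flags as a gap.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not Wireshark's struct: seq and nxtpdu mirror the
 * quoted condition; next_expected is an assumption added for this example. */
struct msp_model {
    uint32_t seq;           /* first sequence number of the PDU */
    uint32_t nxtpdu;        /* sequence number where the next PDU starts */
    uint32_t next_expected; /* end of the contiguous data collected so far */
};
enum verdict { OUTSIDE, GAP, DUPLICATE, APPEND };

/* The range test from the post: true for any segment inside the PDU. */
static int in_pdu_range(const struct msp_model *m, uint32_t seq)
{
    return m->seq <= seq && m->nxtpdu > seq;
}

/* Range test plus a contiguity check (the constructed values never wrap). */
static enum verdict classify(struct msp_model *m, uint32_t seq, uint32_t len)
{
    if (!in_pdu_range(m, seq)) return OUTSIDE;
    if (seq > m->next_expected) return GAP;              /* earlier frame missing */
    if (seq + len <= m->next_expected) return DUPLICATE; /* data already held */
    m->next_expected = seq + len;
    return APPEND;
}

/* Constructed trace: 4000-byte PDU at seq 1000 in 1000-byte segments; the
 * frame at 2000 is missing at first and only arrives as a retransmit. */
static const uint32_t trace_seq[] = { 1000, 3000, 2000, 3000, 1000, 4000 };

/* Replay the trace from a fresh state; return the verdict for segment idx. */
static enum verdict verdict_at(int idx)
{
    struct msp_model m = { 1000, 5000, 1000 };
    enum verdict v = OUTSIDE;
    for (int i = 0; i <= idx; i++)
        v = classify(&m, trace_seq[i], 1000);
    return v;
}

int main(void)
{
    static const char *name[] = { "outside", "gap", "duplicate", "append" };
    for (int i = 0; i < 6; i++)
        printf("seq %u -> %s\n", (unsigned)trace_seq[i], name[verdict_at(i)]);
    return 0;
}
```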