Home page logo

wireshark logo Wireshark mailing list archives

Re: Defect in reassembling TCP stream. Bug and Patch are available on Bugzilla.
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Fri, 28 Mar 2014 16:57:29 +0100

Le 28 mars 2014 16:52, "Pavel Karneliuk" <Pavel_Karneliuk () epam com> a écrit

Hi Pascal,

thank you for answer. I saw your commits to follow.c and I hoped for your

450:if( newseq > seq[idx] ) {

I think - Yes. It compares sequence numbers.

459: if ( current->data_len > new_pos ) {
I am sure,  that - No. Because it compares length of data from fragment
instead of sequence numbers.
Doh that's what happens when you reply without looking carefully at the
code ;)

There are some places in check_fragments() and reassemble_tcp() with a
"naive" comparison of sequence numbers:
369: if( sequence < seq[src_index] ) {

I think, they should be replaced with macros from packet-tcp.h 51-55.  At
least to be uniformly.

As Graham suggested, it would be great if you could submit a patch on
gerrit against master branch. Would it be feasible?

Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]