I am writing a TCP dissector for a private protocol that uses TCP
desegmentation.
Using it, I found out that the TCP dissector labels as "[Illegal segments]"
those segments where the sender retransmits a frame that overlaps the
previous (lost) one, but is longer.
Therefore, the TCP dissector sets the FD_TOOLONGFRAGMENT and
FD_MULTIPLETAILS flags, which leads to the "[Illegal segments]" message.
From a pure TCP standard point of view, this does not seem to be illegal.
Thank you for your advice.
__________________________
Proposed patch for "reassemble.c"
--- reassemble.c.old 2003-08-29 03:54:53.000000000 +0200
+++ reassemble.c 2003-10-13 22:24:06.000000000 +0200
@@ -1582,12 +1582,11 @@
static gboolean
show_fragment_errs_in_col(fragment_data *fd_head, const fragment_items
*fit,
packet_info *pinfo)
{
- if (fd_head->flags & (FD_OVERLAPCONFLICT
- |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
+ if (fd_head->flags & (FD_OVERLAPCONFLICT) ) {
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_add_fstr(pinfo->cinfo, COL_INFO,
+ col_append_fstr(pinfo->cinfo, COL_INFO,
"[Illegal %s]", fit->tag);
return TRUE;
}
}
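Review bot: Removing FD_MULTIPLETAILS and FD_TOOLONGFRAGMENT from the test in show_fragment_errs_in_col() drops the "[Illegal %s]" marking for every caller of this function, not only TCP. The function lives in reassemble.c and takes a generic fragment_items whose fit->tag supplies the name, so it appears to be shared reassembly code. The message above argues only that a longer retransmission is legitimate for TCP, so the relaxation would be better scoped to the TCP case, leaving the original three-flag test in place for other users. The switch from col_add_fstr to col_append_fstr is a separate behaviour change that the message does not mention; please explain it or send it as its own patch. Minor style point: the parentheses around the single remaining flag in "(FD_OVERLAPCONFLICT)" are redundant.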