Wireshark-bugs: [Wireshark-bugs] [Bug 10305] New: Tftp dissector does not track conversations co
Date: Wed, 23 Jul 2014 16:17:41 +0000
Bug ID | 10305 |
---|---|
Summary | Tftp dissector does not track conversations correctly. Source file and Destination File redundant or disagree. |
Classification | Unclassified |
Product | Wireshark |
Version | 1.12.0 |
Hardware | x86-64 |
OS | Windows 7 |
Status | UNCONFIRMED |
Severity | Minor |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | evanb@aviftech.com |
Created attachment 12922 [details]
A capture of several TFTP exchanges. Set the TFTP port to 59 in the preferences.

Build Information:
Version 1.12.0-rc2 (v1.12.0-rc2-0-gfd017ee from master-1.12)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 13 2014), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.

Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, with 16264MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219
--
The Source File and Destination File fields are sometimes redundant or disagree. For example, in the attached file, see packets 1, 6, 10, 28, and 29. (Make sure you set the TFTP port to 59 in the preferences).

The source file field is supposed to contain the file name during read requests. The destination file field is supposed to contain the file name during write requests. The source/destination field that is flagged as generated should only be shown for data packets, not request packets.

My solution (you may decide to implement something else) was to replace lines 369-408 of packet-tftp.c with:

```c
  /*
   * The first TFTP packet goes to the TFTP port; the second one
   * comes from some *other* port, but goes back to the same
   * IP address and port as the ones from which the first packet
   * came; all subsequent packets go between those two IP addresses
   * and ports.
   *
   * If this packet went to the TFTP port, we create a new conversation
   * and set the destination port to a wildcard. That way the subsequent packets
   * can be matched to it.
   *
   * If not, we search for a conversation it matches. One might not exist if the
   * user is explicitly dissecting a packet, so just create a new one if that's
   * the case.
   */
  if (value_is_in_range(global_tftp_port_range, pinfo->destport)) {
    conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
                                    pinfo->srcport, 0, NO_PORT2);
    conversation_set_dissector(conversation, tftp_handle);
  } else {
    conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
                                     pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
    if( (conversation == NULL) || (conversation->dissector_handle != tftp_handle) ) {
      conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_UDP,
                                      pinfo->destport, pinfo->srcport, 0);
      conversation_set_dissector(conversation, tftp_handle);
    }
  }
```
You are receiving this mail because:
- You are watching all bug changes.
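
The port handling described in the code comment above, as an added example that is not part of the original report and not Wireshark's code: a stand-alone C model (all names here, such as `track` and `struct conv`, are hypothetical) that opens a conversation when a request reaches the TFTP port with the server port left as a wildcard, binds that port on the first reply, and keeps the requested file name so it can be shown on later data packets.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model for illustration; not Wireshark's conversation API. */
enum { TFTP_RRQ = 1, TFTP_WRQ = 2, TFTP_DATA = 3, TFTP_ACK = 4 };
#define PORT_ANY 0 /* wildcard: server's per-transfer port not yet seen */
#define MAX_CONV 16

struct conv {
    uint32_t client_ip, server_ip;
    uint16_t client_port, server_port;
    int is_write;  /* 1 for WRQ (destination file), 0 for RRQ (source file) */
    char file[64]; /* name taken from the request packet */
};

static struct conv table[MAX_CONV];
static size_t nconv;

/* Return the conversation a packet belongs to, or NULL if none matches. */
struct conv *track(uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport,
                   uint16_t tftp_port, int opcode, const char *file)
{
    if (dport == tftp_port && (opcode == TFTP_RRQ || opcode == TFTP_WRQ)) {
        if (nconv == MAX_CONV || file == NULL)
            return NULL;
        struct conv *c = &table[nconv++];
        memset(c, 0, sizeof *c);
        c->client_ip = src; c->server_ip = dst;
        c->client_port = sport; c->server_port = PORT_ANY;
        c->is_write = (opcode == TFTP_WRQ);
        strncpy(c->file, file, sizeof c->file - 1);
        return c;
    }
    for (size_t i = nconv; i-- > 0; ) { /* newest first: client ports get reused */
        struct conv *c = &table[i];
        if (src == c->server_ip && dst == c->client_ip && dport == c->client_port) {
            if (c->server_port == PORT_ANY)
                c->server_port = sport; /* first reply fixes the server port */
            if (c->server_port == sport)
                return c;
        } else if (src == c->client_ip && dst == c->server_ip &&
                   sport == c->client_port && c->server_port != PORT_ANY &&
                   dport == c->server_port) {
            return c;
        }
    }
    return NULL;
}
```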