Wireshark-commits: [Wireshark-commits] master cbffd8c: gtp, gtpv2: improve request/reply matching a
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cbffd8c646e46c2203f2c4d286b3dcc157d83d90
Submitter: Roland Knall (rknall@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
cbffd8c by Ivan Nardi (nardi.ivan@xxxxxxxxx):
gtp, gtpv2: improve request/reply matching algorithm
GTP tunnel endpoints (MMEs, GSNs...) will eventually reuse sequence number
values. When handling long capture files this may lead to wrong request/reply
pairs: a message may be considered as a reply to an old request
sharing the same reused seq number
Add a heuristic to the matching algorithm that involves timestamps:
request/reply pair matches only if their timestamps are closer than a
configurable threshold. If such value is 0 (default), timestamps are not
used and only seq number values are evaluated (i.e. fall-back to old behavior)
Note that a wrong match might lead to wrong (gtp-)association/session
While at it, extend message list explicitly used by the algorithm
Change-Id: I021e6e1ce1651a64d24b0664d6e27c9ba39c735c
Reviewed-on: https://code.wireshark.org/review/27500
Petri-Dish: Roland Knall <rknall@xxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@xxxxxxxxx>
Actions performed:
from 14456d0 travis: fix gem command line.
adds cbffd8c gtp, gtpv2: improve request/reply matching algorithm
Summary of changes:
epan/dissectors/packet-gtp.c | 37 +++++++++++++++++++++++++++++++++++++
epan/dissectors/packet-gtpv2.c | 25 +++++++++++++++++++++++++
2 files changed, 62 insertions(+)
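
The heuristic described in the commit message, sketched as a stand-alone C example. This is added here for illustration and is not code from the Wireshark dissectors; `pending_req`, `match_reply`, the rule that the most recent earlier request wins, and the sample data are all assumptions.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical pending-request record; not a Wireshark structure. */
typedef struct {
    uint32_t seq;    /* GTP sequence number */
    double   ts;     /* capture timestamp in seconds */
    int      frame;  /* frame number of the request */
} pending_req;

/* Return the frame of the request that a reply answers, or -1 if none.
 * Candidates are requests with the same seq seen no later than the reply;
 * the most recent one wins. threshold == 0 disables the time check. */
int match_reply(const pending_req *reqs, size_t n, uint32_t seq,
                double reply_ts, double threshold)
{
    const pending_req *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (reqs[i].seq != seq || reqs[i].ts > reply_ts)
            continue;
        if (best == NULL || reqs[i].ts >= best->ts)
            best = &reqs[i];
    }
    if (best == NULL)
        return -1;
    /* Timestamp heuristic: the pair must be closer than the threshold. */
    if (threshold > 0 && reply_ts - best->ts >= threshold)
        return -1;
    return best->frame;
}

/* Constructed sample: seq 7 is used at t=1.0 and reused an hour later. */
static const pending_req sample_reqs[] = {
    { 7, 1.0, 1 },       /* reply never captured */
    { 8, 2.0, 3 },
    { 7, 3600.0, 900 },  /* same seq, reused */
};
#define SAMPLE_N (sizeof sample_reqs / sizeof sample_reqs[0])

int main(void)
{
    /* Reply with seq 7 at t=3599.0: its own request is not in the capture. */
    printf("seq only: %d\n", match_reply(sample_reqs, SAMPLE_N, 7, 3599.0, 0));
    printf("20 s cap: %d\n", match_reply(sample_reqs, SAMPLE_N, 7, 3599.0, 20.0));
    printf("reused:   %d\n", match_reply(sample_reqs, SAMPLE_N, 7, 3600.2, 20.0));
    return 0;
}
```

With the threshold at 0 the stray reply is paired with frame 1, a request almost an hour older; with a 20-second threshold it stays unmatched, while the reply to the reused sequence number still pairs with frame 900.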