Wireshark-commits: [Wireshark-commits] master cbffd8c: gtp, gtpv2: improve request/reply matching a
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Tue, 05 Jun 2018 07:30:45 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cbffd8c646e46c2203f2c4d286b3dcc157d83d90
Submitter: Roland Knall (rknall@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

cbffd8c by Ivan Nardi (nardi.ivan@xxxxxxxxx):

    gtp, gtpv2: improve request/reply matching algorithm
    
    GTP tunnel endpoints (MMEs, GSNs...) will eventually reuse sequence number
    values. When handling long capture files this may lead to wrong request/reply
    pairs: a message may be considered as a reply to an old request
    sharing the same reused seq number
    
    Add a heuristic to the matching algorithm that involves timestamps:
    request/reply pair matches only if their timestamps are closer than a
    configurable threshold. If such value is 0 (default), timestamps are not
    used and only seq number values are evaluated (i.e. fall-back to old behavior)
    
    Note that a wrong match might lead to wrong (gtp-)association/session
    
    While at it, extend message list explicitly used by the algorithm
    
    Change-Id: I021e6e1ce1651a64d24b0664d6e27c9ba39c735c
    Reviewed-on: https://code.wireshark.org/review/27500
    Petri-Dish: Roland Knall <rknall@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Roland Knall <rknall@xxxxxxxxx>
    

Actions performed:

    from  14456d0   travis: fix gem command line.
    adds  cbffd8c   gtp, gtpv2: improve request/reply matching algorithm


Summary of changes:
 epan/dissectors/packet-gtp.c   | 37 +++++++++++++++++++++++++++++++++++++
 epan/dissectors/packet-gtpv2.c | 25 +++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
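
The timestamp heuristic from the commit message above, as an added example (not the code from packet-gtp.c or packet-gtpv2.c). All type and function names are hypothetical, the threshold unit (seconds) is an assumption, and the sample records are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical record for a request seen earlier in the capture. */
typedef struct {
    uint32_t seq;     /* GTP sequence number of the request */
    uint32_t frame;   /* capture frame number of the request */
    double   time_s;  /* capture timestamp of the request, in seconds */
} pending_req_t;

/* Return the frame of the request that a reply answers, or 0 if none.
 * max_interval_s == 0 disables the timestamp check (sequence number only).
 * Among candidates, the most recent earlier request wins. */
uint32_t match_reply(const pending_req_t *reqs, size_t n, uint32_t seq,
                     double reply_time_s, double max_interval_s)
{
    uint32_t best = 0;
    double best_time = -1.0;
    for (size_t i = 0; i < n; i++) {
        if (reqs[i].seq != seq || reqs[i].time_s > reply_time_s)
            continue;  /* other transaction, or request seen after the reply */
        if (max_interval_s > 0 && reply_time_s - reqs[i].time_s > max_interval_s)
            continue;  /* same seq but too old: treat as a reused number */
        if (reqs[i].time_s > best_time) {
            best_time = reqs[i].time_s;
            best = reqs[i].frame;
        }
    }
    return best;
}

/* Constructed sample: seq 42 is used at t=1s and reused at t=7200s. */
static const pending_req_t SAMPLE[] = {
    { 42, 10,   1.0 },
    { 43, 11,   1.2 },
    { 42, 9000, 7200.0 },
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    /* A reply with seq 42 at t=3600s whose own request is not in the capture. */
    printf("threshold off: frame %u\n", (unsigned)match_reply(SAMPLE, SAMPLE_N, 42, 3600.0, 0.0));
    printf("threshold 20s: frame %u\n", (unsigned)match_reply(SAMPLE, SAMPLE_N, 42, 3600.0, 20.0));
    return 0;
}
```

With the threshold disabled the orphan reply is paired with the hour-old request in frame 10; with a 20 second threshold it stays unmatched, while the reply to the reused number still pairs with frame 9000.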