Wireshark-dev: [Wireshark-dev] SVN revision 35005 and heuristic dissectors
Hi,
Since revision 35005 and the commit of the ReLOAD framing dissector, the UDP heuristic dissector I use (LTE-RLC) no longer works. My RLC PDU is seen as a ReLOAD packet.
When looking at the code, the function dissect_reload_framing_heur() calls dissect_reload_framing_message(), which does almost no checks:
    /* First, make sure we have enough data to do the check. */
    if (effective_length < MIN_HDR_LENGTH)
        return 0;

    /* Get the type */
    type = tvb_get_guint8(tvb, 0);

    if (type == DATA) {
        /* in the data type, check the reload token to be sure this
           is a reLoad packet */
        message_length = (tvb_get_ntohs(tvb, 1 + 4)<<8)+ tvb_get_guint8(tvb, 1 + 4 + 2);
        if (message_length < MIN_RELOADDATA_HDR_LENGTH) {
            return 0;
        }
        relo_token = tvb_get_ntohl(tvb,1 + 4 + 3);
        if (relo_token != RELOAD_TOKEN) {
            return 0;
        }
    }
The LTE-RLC heuristic dissector adds the "rlc-lte" string at the beginning of the UDP packet and unfortunately it is caught by the code above.
I'm not familiar with this protocol but I guess there is probably a way to avoid breaking other dissectors. Adding the following patch helps on my side but I'm not sure it is fully valid and it still seems weak to me:
Index: epan/dissectors/packet-reload-framing.c
===================================================================
--- epan/dissectors/packet-reload-framing.c (revision 35018)
+++ epan/dissectors/packet-reload-framing.c (working copy)
@@ -143,9 +143,10 @@
if (relo_token != RELOAD_TOKEN) {
return 0;
}
+ } else if (type != ACK) {
+ return 0;
}
-
/* The message seems to be a valid reLOAD framing message! */
col_set_str(pinfo->cinfo, COL_PROTOCOL, "RELOAD Frame");
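Review bot: The added "else if (type != ACK)" branch still accepts an ACK-typed frame on its first byte alone. The DATA branch above it validates relo_token before falling through, but nothing in the visible lines validates an ACK frame before col_set_str() runs, so any UDP payload whose first byte equals ACK is still claimed as ReLOAD. Consider adding a check on the ACK path as well, for instance comparing the remaining length against what an ACK frame is expected to contain, and returning 0 otherwise. Minor style point: the hunk also deletes the blank line before the "/* The message seems to be a valid reLOAD framing message! */" comment; keeping it preserves the separation between the checks and the dissection.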
Thanks,
Pascal.
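Added example, not part of the original message or of Wireshark's source: a stand-alone C model of the heuristic check quoted above, run with and without the proposed "else if (type != ACK)" test on constructed payloads. The constant values are placeholders assumed for this example (the post does not show them), and the explicit bounds guard stands in for the tvb accessors.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Placeholder values assumed for this example; the post does not show
 * the definitions used in packet-reload-framing.c. */
#define DATA 128
#define ACK 129
#define RELOAD_TOKEN 0xd2454c4fu
#define MIN_HDR_LENGTH 9
#define MIN_RELOADDATA_HDR_LENGTH 38

/* Big-endian read of n bytes (n <= 4). */
static uint32_t be(const uint8_t *p, int n) {
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Returns 1 when the heuristic would claim the payload, 0 otherwise.
 * patched == 0 models the quoted check; patched == 1 adds the
 * proposed rejection of every type other than DATA and ACK. */
static int reload_heur(const uint8_t *buf, size_t len, int patched) {
    if (len < MIN_HDR_LENGTH)
        return 0;
    uint8_t type = buf[0];
    if (type == DATA) {
        if (len < 1 + 4 + 3 + 4)   /* guard for the token read below */
            return 0;
        if (be(buf + 5, 3) < MIN_RELOADDATA_HDR_LENGTH)
            return 0;
        if (be(buf + 8, 4) != RELOAD_TOKEN)
            return 0;
    } else if (patched && type != ACK) {
        return 0;
    }
    return 1;
}

/* Constructed payloads, not captured traffic. */
static const uint8_t rlc_pkt[]  = "rlc-lte\x01\x02\x03\x04\x05";
static const uint8_t data_pkt[] = {DATA, 0, 0, 0, 1, 0, 0, 40, 0xd2, 0x45, 0x4c, 0x4f};
static const uint8_t ack_like[] = {ACK, 'n', 'o', 't', '-', 'r', 'e', 'l', 'o', 'a', 'd'};

int main(void) {
    printf("rlc-lte  unpatched=%d patched=%d\n", reload_heur(rlc_pkt, sizeof rlc_pkt, 0), reload_heur(rlc_pkt, sizeof rlc_pkt, 1));
    printf("DATA     unpatched=%d patched=%d\n", reload_heur(data_pkt, sizeof data_pkt, 0), reload_heur(data_pkt, sizeof data_pkt, 1));
    printf("ACK-like unpatched=%d patched=%d\n", reload_heur(ack_like, sizeof ack_like, 0), reload_heur(ack_like, sizeof ack_like, 1));
    return 0;
}
```

The last payload shows the remaining weakness: with the extra test in place, a non-ReLOAD payload that merely starts with the ACK byte is still claimed.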