Wireshark mailing list archives
Re: SCCP reassembly broken for duplicated SCTP messages.
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 07 Mar 2011 14:25:57 -0500
Jeff Morriss wrote:
Anders Broman wrote:I had tried to solve this before in the SCCP dissector by trying to use the "segments remaining" as a quasi-sequence number >(and assuming Wireshark's generic reassembly routines handled duplicate data correctly), but I couldn't get it to work because the "segments remaining" (of course) goes down as you get more packets, but the reassembly routines want incrementing sequence numbers. (I thought of building new routines with decrementing sequence numbers but after looking at >the reassembly code I gave up pretty quickly.)Hi,SCCP reassembly will add both segments from duplicated packets thus producing garbage in the reassembled packet. An "easy" fix could perhaps bee to add a flag in pinfo "duplicate" or "suspected duplicate" and ignore such frames in reassembly, possibly the Dissector doing reassembly could have a preference wether to use the flag or not - thoughts?Another option might be to (in SCTP, for example) not pass duplicate TSNs to the subdissectors, instead marking them as >"[retransmission]" in COL_INFO. That would actually have some usability benefits: I can't count the number of times I (or >a colleague) have been confused by a trace only to eventually realize we were looking at (a lot of) retransmissions. >[Okay, just adding TCP-style COL_INFO blurbs for retransmissions would achieve the same usability benefit.]
Rev 36159 modified the SCTP dissector to not pass (detected) retransmissions to subdissectors. Comments/feedback are welcome.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- SCCP reassembly broken for duplicateded SCTP messages. Anders Broman (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Anders Broman (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 07)
- Re: SCCP reassembly broken for duplicated SCTP messages. Anders Broman (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 03)
- Re: SCCP reassembly broken for duplicateded SCTP messages. Sake Blok (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 03)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 23)
- Re: SCCP reassembly broken for duplicated SCTP messages. Sake Blok (Mar 23)
- Re: SCCP reassembly broken for duplicated SCTP messages. Jeff Morriss (Mar 03)