Wireshark mailing list archives

Re: Recursion depth limit for packet reassembly

From: "Maynard, Chris via Wireshark-dev" <wireshark-dev () wireshark org>
Date: Wed, 13 Nov 2019 17:04:02 +0000

-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On
Behalf Of Thomas Wiens
Sent: Saturday, November 9, 2019 7:18 AM
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Recursion depth limit for packet reassembly

Hi,

I'm working on a protocol dissector where I'm using packet reassembly.
Now I've got a capture with 1026 fragments, which fails to reassemble with the
standard Wireshark (assert fails) due to the limitation to 500 fragments in
epan/packet.c:
#define PINFO_LAYER_MAX_RECURSION_DEPTH 500

For testing I just increased the limit up to 2000. With the change the
reassembly takes some time when I select the last fragment where it's
reassembled (about 15 seconds on a rather old 32 bit windows machine, but
there are also hundreds of zlib blocks which are decompressed in the
dissector). Other that it takes some time and memory, I didn't notice any
problems.

Is there any reason why it's limited to exactly 500?
Would it be possible to make this limit configurable in the Wireshark settings
dialog?

--
Best Regards

Thomas Wiens


It's probably limited in an attempt to avoid memory exhaustion.  If you'd like for it to be configurable, then I would 
suggest opening a Wireshark enhancement bug request at https://bugs.wireshark.org/bugzilla/ for this.  There's no 
guarantee that it will be implemented though, but that would probably be the best path forward if it is to be 
implemented.

- Chris









CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and 
may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the 
addressee. If you are not the intended recipient and have received this message in error, please delete this message 
from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is 
strictly prohibited.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Recursion depth limit for packet reassembly Thomas Wiens (Nov 09)
- Re: Recursion depth limit for packet reassembly Maynard, Chris via Wireshark-dev (Nov 13)