aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Wu <peter@lekensteyn.nl>2019-12-22 00:25:36 +0100
committerAnders Broman <a.broman58@gmail.com>2020-01-09 07:58:03 +0000
commit3e9e05cf0ad02d1c03d80071b782dc23010f10dd (patch)
tree78e421580109b005a34983ace4b833826f9087d3
parent0db02a89f3cb0bca3a8c6a796e7bd8822e4b3c3f (diff)
TCP: fix DESEGMENT_UNTIL_FIN handling in combination with OoO tracking
For dissectors that expect reassembly at FIN (for example, the WHOIS dissector), the expected end of the reassembly is not known until the FIN packet is received. We cannot rely on 'nxtseq' being valid, and certainly not use it to set the end of the reassembly using fragment_reset_tot_len. Since (1) OoO segments before FIN are already properly handled without extra care, and (2) OoO FIN is already broken, just disable OoO handling when DESEGMENT_UNTIL_FIN is requested. This ensures that reassembly at FIN is not skipped due to lack of data. Explicitly calculate 'nxtpdu' for the FIN case. Previously it happened to work because streams were often smaller than DESEGMENT_UNTIL_FIN (0x0ffffffe, 256MiB), but that was not obvious. Bug: 16289 Change-Id: I9b9468925d49765e21e58136c8a2366da082eeba Fixes: v2.9.0rc0-1097-gca42331437 ("tcp: add support for reassembling out-of-order segments") Reviewed-on: https://code.wireshark.org/review/35543 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/packet-tcp.c29
1 files changed, 27 insertions, 2 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c
index 66849afd0c..c4a9a6eb15 100644
--- a/epan/dissectors/packet-tcp.c
+++ b/epan/dissectors/packet-tcp.c
@@ -3217,12 +3217,16 @@ again:
}
}
- if (reassemble_ooo && tcpd && !PINFO_FD_VISITED(pinfo)) {
+ if (reassemble_ooo && tcpd && !(tcpd->fwd->flags & TCP_FLOW_REASSEMBLE_UNTIL_FIN) && !PINFO_FD_VISITED(pinfo)) {
/* If there is a gap between this segment and any previous ones (that
* is, seqno is larger than the maximum expected seqno), then it is
* possibly an out-of-order segment. The very first segment is expected
* to be in-order though (otherwise captures starting in midst of a
* connection would never be reassembled).
+ *
+ * Do not bother checking for OoO segments for streams that are
+ * reassembled at FIN, the order of segments before FIN does not matter
+ * as reordering and reassembly occurs at FIN.
*/
if (tcpd->fwd->maxnextseq) {
/* Segments may be missing due to packet loss (assume later
@@ -3290,7 +3294,7 @@ again:
last_fragment_len = len;
- if (reassemble_ooo) {
+ if (reassemble_ooo && tcpd && !(tcpd->fwd->flags & TCP_FLOW_REASSEMBLE_UNTIL_FIN)) {
/*
* If the previous segment requested more data (setting
* FD_PARTIAL_REASSEMBLY as the next segment length is unknown), but
@@ -3298,6 +3302,12 @@ again:
* then "fragment_add" would truncate the reassembled PDU to the end
* of this OoO segment. To prevent that, explicitly specify the MSP
* length before calling "fragment_add".
+ *
+ * When a subdissector requests reassembly at the end of the
+ * connection (DESEGMENT_UNTIL_FIN), then it is not
+ * possible for an earlier segment to complete reassembly
+ * (more_frags for fragment_add is always TRUE). Thus we do not
+ * have to worry about increasing the fragment length here.
*/
fragment_reset_tot_len(&tcp_reassembly_table, pinfo,
msp->first_frame, NULL,
@@ -3599,6 +3609,21 @@ again:
msp = pdu_store_sequencenumber_of_next_pdu(pinfo, deseg_seq,
nxtseq+1, tcpd->fwd->multisegment_pdus);
msp->flags |= MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT;
+ } else if (pinfo->desegment_len == DESEGMENT_UNTIL_FIN) {
+ /*
+ * The subdissector asked to reassemble at the end of the
+ * connection. That will be done in dissect_tcp, but here we
+ * have to ask reassembly to collect all future segments.
+ * Note that TCP_FLOW_REASSEMBLE_UNTIL_FIN was set before, this
+ * ensures that OoO detection is skipped.
+ * The exact nxtpdu offset does not matter, but it should be
+ * smaller than half of the maximum 32-bit unsigned integer to
+ * allow detection of sequence number wraparound, and larger
+ * than the largest possible stream size. Hopefully 1GiB
+ * (0x40000000 bytes) should be enough.
+ */
+ msp = pdu_store_sequencenumber_of_next_pdu(pinfo, deseg_seq,
+ nxtseq+0x40000000, tcpd->fwd->multisegment_pdus);
} else {
msp = pdu_store_sequencenumber_of_next_pdu(pinfo,
deseg_seq, nxtseq+pinfo->desegment_len, tcpd->fwd->multisegment_pdus);