Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9303] some DCERPC fragment are not identify leading to corrupted RPC payload

Wireshark-bugs: [Wireshark-bugs] [Bug 9303] some DCERPC fragment are not identify leading to cor

Date: Wed, 30 Oct 2013 07:19:31 +0000

Comment # 6 on bug 9303 from Matthieu Patou

(In reply to comment #5)
> Why does this need to be persistent (either via a global or p_set_proto_data
> or etc)? It's all within the same function, so doesn't a plain old local
> variable do just as well?

The thing is that we go back and force between multiple dissectors (ie. TCP and
DCERPC) so the plain old local variable is not a solution.

Why are we going back and force ? Because DCE dissector ask TCP to desegment so
tvb with just the desegmented data is passed first to the DCE dissector when
the dissector finish the control goes back to the TCP dissector which then
realize that there is remaining bytes in the TCP payload of this packet.
The TCP dissector will call each dissectors one more time to know if one can
handle the remaining chunk.

HTH

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 9303] New: some DCERPC fragment are not identify leading to corrupted RPC payload
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9112] epan/follow.c - Incorrect "bytes missing in capture file" in "check_fragments" due to an unsigned int wraparound?
Next by Date: [Wireshark-bugs] [Bug 9337] dissect SID28
Previous by thread: [Wireshark-bugs] [Bug 9303] some DCERPC fragment are not identify leading to corrupted RPC payload
Next by thread: [Wireshark-bugs] [Bug 9304] New: DCEPRC fragment are not correctly reported in the fragment list
Index(es):
- Date
- Thread