Wireshark-bugs: [Wireshark-bugs] [Bug 11183] New: Diameter: Reassembly does not work when the fi

Date: Mon, 11 May 2015 16:35:28 +0000
Bug ID 11183
Summary Diameter: Reassembly does not work when the first segment is too short
Product Wireshark
Version 1.12.4
Hardware All
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 13599
pcap with segmented diameter

Build Information:
TShark 1.12.4 (91842c9 from master)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.42.1, with libpcap, with libz 1.2.3, without POSIX
capabilities, without libnl, without SMI, without c-ares, without ADNS, without
Lua, without Python, without GnuTLS, without Gcrypt, with MIT Kerberos, without
GeoIP.

Running on Linux 2.6.32-220.7.1.el6.x86_64, with locale en_US.UTF-8, with
libpcap version 1.7.2, with libz 1.2.3.
Intel(R) Xeon(R) CPU           X3440  @ 2.53GHz

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-11).

--
When a Diameter message is segmented and the first segment is too short, the
reassembly does not work correctly because of added checks in the function
check_diameter (packet-diameter.c).

In our case (the attached pcap, packet 5) the first segment has length=4,
check_diameter returns FALSE, and it is not considered the beginning of a new
Diameter message, and the remaining packets (6, 7) are not reassembled correctly.

Wireshark 1.10 would reassemble it correctly.
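
Added example, not part of the original report and not Wireshark's code: a header check over the RFC 6733 Diameter header that distinguishes "not Diameter" from "too short to tell yet", so a 4-byte first segment leads to a request for more data instead of a rejection. The names `classify_diameter`, `bytes_missing` and `hdr_verdict` are hypothetical, and the sample segment is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustration only; all names here are hypothetical, not Wireshark's. */
enum hdr_verdict { NOT_DIAMETER, NEED_MORE_DATA, IS_DIAMETER };
#define DIAMETER_HDR_LEN 20u            /* RFC 6733 fixed header size */

static uint32_t msg_len24(const uint8_t *b)   /* 24-bit Message Length */
{
    return ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* Each field is validated only if its bytes have arrived. A short buffer
 * that passes every check it can reach is NEED_MORE_DATA, never a reject. */
enum hdr_verdict classify_diameter(const uint8_t *buf, size_t avail)
{
    if (avail == 0)
        return NEED_MORE_DATA;
    if (buf[0] != 1)                          /* Version must be 1 */
        return NOT_DIAMETER;
    if (avail >= 4) {
        uint32_t len = msg_len24(buf);        /* >= header, multiple of 4 */
        if (len < DIAMETER_HDR_LEN || (len & 3))
            return NOT_DIAMETER;
    }
    if (avail >= 5 && (buf[4] & 0x0f))        /* heuristic: reserved flag bits sent as 0 */
        return NOT_DIAMETER;
    return avail < DIAMETER_HDR_LEN ? NEED_MORE_DATA : IS_DIAMETER;
}

/* Bytes still needed to complete the message, or -1 if rejected. */
long bytes_missing(const uint8_t *buf, size_t avail)
{
    if (classify_diameter(buf, avail) == NOT_DIAMETER)
        return -1;
    if (avail < 4)                            /* length unknown: ask for the header */
        return (long)(DIAMETER_HDR_LEN - avail);
    uint32_t len = msg_len24(buf);
    return len > avail ? (long)(len - avail) : 0;
}

int main(void)
{
    /* Constructed first segment: version 1, Message Length 288, nothing else. */
    const uint8_t seg[4] = { 0x01, 0x00, 0x01, 0x20 };
    printf("%d %ld\n", classify_diameter(seg, sizeof seg), bytes_missing(seg, sizeof seg));
    return 0;
}
```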

