Wireshark-bugs: [Wireshark-bugs] [Bug 11079] Reassembled chunked HTTP responses over SSL are sho

Date: Sun, 29 Nov 2015 14:45:46 +0000

Comment # 1 on bug 11079 from
Created attachment 14073
SSL/HTTP capture; response split over 2 TCP segments, 1+5 TLS records (master
key in capture file comments)

I found that the problem is in this part of packet-ssl.c:

    /* is it completely desegmented? */
    if (ipfd_head) {
        /*
         * Yes, we think it is.
         * We only call subdissector for the last segment.
         * Note that the last segment may include more than what
         * we needed.
         */
        if (ipfd_head->reassembled_in == pinfo->fd->num) {
            /*
             * OK, this is the last segment.
             * Let's call the subdissector with the desegmented
             * data.
             */

Whenever the subdissector requests desegmentation spanning multiple SSL
records, the duplication somehow occurs because both SSL records ("segments")
are in the same frame.

The problem does not occur when all SSL records are reassembled in a single
frame, then passed to a subdissector.

The attached capture is a smaller test case that shows the problem with 1 TCP
segment having one TLS record and another with 5 aggregated TLS records. The
result on v2.0.0 and v2.1.0rc0-838-gf777d68 is that five HTTP trees are
displayed.
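
The following is an added, simplified model of the behaviour reported above; it is not Wireshark code and not part of the original comment. It assumes every TLS record in the second frame reaches the quoted frame-number test for the same reassembly. The `last_record` field and the `frame_and_record` check are hypothetical illustrations, not the project's fix.

```c
#include <stdio.h>

/* Constructed model, not Wireshark code: one reassembly spanning TLS records. */
struct reassembly {
    unsigned reassembled_in;  /* frame number where reassembly completed */
    unsigned last_record;     /* hypothetical: record that completed it */
};

struct record { unsigned frame; unsigned index; };

/* Constructed input mirroring the attached capture's layout:
 * frame 1 carries 1 TLS record, frame 2 carries 5 aggregated TLS records. */
static const struct record capture[] = {
    {1, 0}, {2, 1}, {2, 2}, {2, 3}, {2, 4}, {2, 5},
};
#define N_RECORDS (sizeof capture / sizeof capture[0])

/* Frame-only test, as in the quoted excerpt: it cannot tell apart
 * several records that arrive in the same frame. */
static int frame_only(const struct reassembly *r, const struct record *rec)
{
    return r->reassembled_in == rec->frame;
}

/* Hypothetical stricter test: also require the record that completed
 * the reassembly, so the data is handed over once. */
static int frame_and_record(const struct reassembly *r, const struct record *rec)
{
    return r->reassembled_in == rec->frame && r->last_record == rec->index;
}

/* Count how often the subdissector would receive the reassembled data. */
static unsigned count_calls(int (*is_last)(const struct reassembly *,
                                           const struct record *))
{
    const struct reassembly r = { .reassembled_in = 2, .last_record = 5 };
    unsigned calls = 0;
    for (size_t i = 0; i < N_RECORDS; i++)
        if (is_last(&r, &capture[i]))
            calls++;
    return calls;
}

int main(void)
{
    printf("frame-only check:   %u calls\n", count_calls(frame_only));
    printf("frame+record check: %u call\n", count_calls(frame_and_record));
    return 0;
}
```

In this model the frame-only test fires once per record in frame 2, which matches the five HTTP trees reported for the attached capture.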

