Wireshark-dev: Re: [Wireshark-dev] Reassembly of IP fragments gets confused by multiple packets
From: Michael Mann <[email protected]>
Date: Wed, 20 Jan 2016 10:28:35 -0500
-----Original Message-----
From: Anders Broman <[email protected]>
To: wireshark-dev <[email protected]>
Sent: Wed, Jan 20, 2016 10:13 am
Subject: [Wireshark-dev] Reassembly of IP fragments gets confused by multiple packets on different VLANS

I just came across a problem where reassembly of IP fragments failed/messed up, see https://code.wireshark.org/review/#/c/13452/
The problem was fixed by changing line 2409 in packet-ip.c to
                                   iph->ip_p ^ iph->ip_id ^ src32 ^ dst32 ^ pinfo->vlan_id,
e.g throw vlan_id into the mix as well.
A better fix might be to change the addresses_reassembly_table_functions functions ( reassembly.c line 152) to include
VLAN Id as well, Opinions?
I think similar problems may exist in the TCP dissector too e.g TCP messages on different VLANS seen as duplicates possibly messing up
TCP analysis and reassembly. Perhaps conversations should take VLAN into account too.
Best regards
Sent via:    Wireshark-dev mailing list <[email protected]>
mailto:[email protected]?subject=unsubscribe