> -----Original Message-----
> From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On
> Behalf Of Thomas Wiens
> Sent: Saturday, November 9, 2019 7:18 AM
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: [Wireshark-dev] Recursion depth limit for packet reassembly
>
> Hi,
>
> I'm working on a protocol dissector where I'm using packet reassembly.
> Now I've got a capture with 1026 fragments, which fails to reassemble with the
> standard Wireshark (assert fails) due to the limitation to 500 fragments in
> epan/packet.c:
> #define PINFO_LAYER_MAX_RECURSION_DEPTH 500
>
> For testing I just increased the limit up to 2000. With the change the
> reassembly takes some time when I select the last fragment where it's
> reassembled (about 15 seconds on a rather old 32 bit windows machine, but
> there are also hundreds of zlib blocks which are decompressed in the
> dissector). Other that it takes some time and memory, I didn't notice any
> problems.
>
> Is there any reason why it's limited to exactly 500?
> Would it be possible to make this limit configurable in the Wireshark settings
> dialog?
>
> --
> Best Regards
>
> Thomas Wiens
It's probably limited in an attempt to avoid memory exhaustion. If you'd like for it to be configurable, then I would suggest opening a Wireshark enhancement bug request at https://bugs.wireshark.org/bugzilla/ for this. There's no guarantee that it will be implemented though, but that would probably be the best path forward if it is to be implemented.
- Chris
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
