diff options
author | Guy Harris <guy@alum.mit.edu> | 2001-11-29 09:05:25 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2001-11-29 09:05:25 +0000 |
commit | 3396fb27775653bf37decb1432f6646b387b7a0a (patch) | |
tree | e7819d6917de02e0bc49a69cdc5a1458daedc93b /packet-smb.c | |
parent | ec19562f1ac6c81cf75fa6c2d9388436ea90f1dd (diff) |
Update from Ronnie Sahlberg:
1. Changes how can_desegment works so that can_desegment is
only != 0 for whichever dissector is running immediately on
top of whoever offers the can_desegment service.
Thus DCERPC needs no special handling to see if it can trust
can_desegment (which is currently only available ontop of TCP
and not ontop of tcp->nbss->smb).
2. Changes fragment reassembly of transaction smb to only show
the defragmented packet for the transaction smb holding the
first fragment.
To see why, test it with a transaction SMB containing a ~60kb
PDU or larger. The old behaviour had approximately quadratic
behaviour regarding runtime for dissecting such PDUs.
(example: NetShareEnum is a command which can grow really really
large if the number of shares and comments are large)
svn path=/trunk/; revision=4296
Diffstat (limited to 'packet-smb.c')
-rw-r--r-- | packet-smb.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/packet-smb.c b/packet-smb.c index 9622b9d363..cb8e518f66 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -2,7 +2,7 @@ * Routines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb.c,v 1.175 2001/11/29 08:36:56 guy Exp $ + * $Id: packet-smb.c,v 1.176 2001/11/29 09:05:22 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -686,6 +686,9 @@ smb_trans_defragment(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, { fragment_data *fd_head=NULL; smb_info_t *si; + int more_frags; + + more_frags=totlen>(pos+count); si = (smb_info_t *)pinfo->private_data; if (si->sip == NULL) { @@ -709,12 +712,19 @@ smb_trans_defragment(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, if(!pinfo->fd->flags.visited){ fd_head = fragment_add(tvb, offset, pinfo, si->sip->frame_req, smb_trans_fragment_table, - pos, count, totlen>(pos+count)); + pos, count, more_frags); } else { fd_head = fragment_get(pinfo, si->sip->frame_req, smb_trans_fragment_table); } - if(fd_head && fd_head->flags&FD_DEFRAGMENTED){ + /* we only show the defragmented packet for the first fragment, + or else we might end up with dissecting one HUGE transaction PDU + a LOT of times. (first fragment is the only one containing the setup + bytes) + I have seen ONE Transaction PDU that is ~60kb, spanning many Transaction + SMBs. Takes a LOT of time dissecting and is not fun. + */ + if( (pos==0) && fd_head && fd_head->flags&FD_DEFRAGMENTED){ return fd_head; } else { return NULL; @@ -10708,7 +10718,7 @@ dissect_transaction_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree po, pc, pd, td+tp); } - if(dc && (tvb_length_remaining(tvb, od)>=dc) ){ + if((r_fd==NULL) && dc && (tvb_length_remaining(tvb, od)>=dc) ){ r_fd = smb_trans_defragment(tree, pinfo, tvb, od, dc, dd+tp, td+tp); } |