diff options
author | Guy Harris <guy@alum.mit.edu> | 2003-05-21 06:28:03 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2003-05-21 06:28:03 +0000 |
commit | 524a84b5e9159d3b1cbae12a017bf4f31e23b613 (patch) | |
tree | 286e18c006fac9c83e829e7b86988961c9740a38 | |
parent | 3847052a875ee3c94fc1859b07e478697820c0e9 (diff) |
If the reported length of the TCP packet is less than the TCP header
length, we can't get the segment length (although we can at least try to
dissect the header). If that's the case, put in Ronnie's "short
segment" note.
Also, put into the information we pass to TCP taps an indication of
whether the segment length is valid or not.
svn path=/trunk/; revision=7705
-rw-r--r-- | packet-tcp.c | 56 | ||||
-rw-r--r-- | packet-tcp.h | 3 |
2 files changed, 36 insertions, 23 deletions
diff --git a/packet-tcp.c b/packet-tcp.c index 96c97e4dd2..e3cb03c646 100644 --- a/packet-tcp.c +++ b/packet-tcp.c @@ -1,7 +1,7 @@ /* packet-tcp.c * Routines for TCP packet disassembly * - * $Id: packet-tcp.c,v 1.195 2003/05/21 05:57:24 guy Exp $ + * $Id: packet-tcp.c,v 1.196 2003/05/21 06:28:03 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -2157,32 +2157,44 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * length is bigger than the actual data available in the frame; the * dissectors should trust that length, and then throw a * ReportedBoundsError exception when they go past the end of the frame.) + * + * We also can't determine the segment length if the reported length + * of the TCP packet is less than the TCP header length. */ reported_len = tvb_reported_length(tvb); if (!pinfo->fragmented && !pinfo->in_error_pkt) { - /* Compute the length of data in this segment. */ - tcph->th_seglen = reported_len - tcph->th_hlen; + if (reported_len < tcph->th_hlen) { + proto_tree_add_text(tcp_tree, tvb, offset, 0, + "Short segment. Segment/fragment does not contain a full TCP header" + " (might be NMAP or someone else deliberately sending unusual packets)"); + tcph->th_have_seglen = FALSE; + } else { + /* Compute the length of data in this segment. */ + tcph->th_seglen = reported_len - tcph->th_hlen; + tcph->th_have_seglen = TRUE; - if (tree) { /* Add the seglen as an invisible field */ + if (tree) { /* Add the seglen as an invisible field */ - proto_tree_add_uint_hidden(ti, hf_tcp_len, tvb, offset, 4, tcph->th_seglen); + proto_tree_add_uint_hidden(ti, hf_tcp_len, tvb, offset, 4, tcph->th_seglen); - } + } - /* handle TCP seq# analysis parse all new segments we see */ - if(tcp_analyze_seq){ - if(!(pinfo->fd->flags.visited)){ - tcp_analyze_sequence_number(pinfo, tcph->th_seq, tcph->th_ack, tcph->th_seglen, tcph->th_flags, tcph->th_win); - } - if(tcp_relative_seq){ - tcp_get_relative_seq_ack(pinfo->fd->num, &(tcph->th_seq), &(tcph->th_ack)); - } - } + /* handle TCP seq# analysis parse all new segments we see */ + if(tcp_analyze_seq){ + if(!(pinfo->fd->flags.visited)){ + tcp_analyze_sequence_number(pinfo, tcph->th_seq, tcph->th_ack, tcph->th_seglen, tcph->th_flags, tcph->th_win); + } + if(tcp_relative_seq){ + tcp_get_relative_seq_ack(pinfo->fd->num, &(tcph->th_seq), &(tcph->th_ack)); + } + } - /* Compute the sequence number of next octet after this segment. */ - nxtseq = tcph->th_seq + tcph->th_seglen; - } + /* Compute the sequence number of next octet after this segment. */ + nxtseq = tcph->th_seq + tcph->th_seglen; + } + } else + tcph->th_have_seglen = FALSE; if (check_col(pinfo->cinfo, COL_INFO) || tree) { for (i = 0; i < 8; i++) { @@ -2230,11 +2242,11 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (tree) { if (tcp_summary_in_tree) { proto_item_append_text(ti, ", Ack: %u", tcph->th_ack); - if (!pinfo->fragmented && !pinfo->in_error_pkt) + if (tcph->th_have_seglen) proto_item_append_text(ti, ", Len: %u", tcph->th_seglen); } proto_item_set_len(ti, tcph->th_hlen); - if (!pinfo->fragmented && !pinfo->in_error_pkt) { + if (tcph->th_have_seglen) { if (nxtseq != tcph->th_seq) { proto_tree_add_uint(tcp_tree, hf_tcp_nxtseq, tvb, offset, 0, nxtseq); } @@ -2368,7 +2380,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } else tcpinfo.urgent = FALSE; - if (!pinfo->fragmented && !pinfo->in_error_pkt) { + if (tcph->th_have_seglen) { if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, " Len=%u", tcph->th_seglen); } @@ -2392,7 +2404,7 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) (it could be an ACK-only packet) */ length_remaining = tvb_length_remaining(tvb, offset); - if (!pinfo->fragmented && !pinfo->in_error_pkt) { + if (tcph->th_have_seglen) { if( data_out_file ) { reassemble_tcp( tcph->th_seq, /* sequence number */ tcph->th_seglen, /* data length */ diff --git a/packet-tcp.h b/packet-tcp.h index dcc5600355..391260cd88 100644 --- a/packet-tcp.h +++ b/packet-tcp.h @@ -1,6 +1,6 @@ /* packet-tcp.h * - * $Id: packet-tcp.h,v 1.15 2003/04/23 10:20:29 sahlberg Exp $ + * $Id: packet-tcp.h,v 1.16 2003/05/21 06:28:03 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -39,6 +39,7 @@ struct tcpheader { guint32 th_seq; guint32 th_ack; + gboolean th_have_seglen; /* TRUE if th_seglen is valid */ guint32 th_seglen; guint16 th_win; guint16 th_sport; |