diff options
author | Peter Wu <peter@lekensteyn.nl> | 2018-07-05 20:59:32 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-07-06 07:25:50 +0000 |
commit | 079d1521c6a24e39d283e3ce4e27d7c399e8e068 (patch) | |
tree | d0bcf45b110171a9d0b267b41863a8b1baf8faf0 /epan/dissectors/packet-tcp.c | |
parent | 8d117f327f54d3a86bd8582c820b4828c0858957 (diff) |
tcp: fix Follow TCP Stream with missing (but ACKed) segments
Restore the direction for the first check_follow_fragments call to match
the situation before commit 57acc227f0 (which broke other things, so its
logic was reimplemented in commit v2.3.0rc0-1449-g66fa31415f ("tcp: Fix
Follow TCP tap data and when its tapped.")).
Ensure that the ACK value is checked before processing the sequence
number and payload for the current flow.
Bug: 14944
Change-Id: If8947d7732683a4943f405eb72b1a8526a35a6dc
Fixes: v2.1.0rc0-1339-g57acc227f0 ("KISS the Follow TCP functionality.")
Reviewed-on: https://code.wireshark.org/review/28612
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-tcp.c')
-rw-r--r-- | epan/dissectors/packet-tcp.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index 1504be0289..e7dbf65857 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -964,10 +964,12 @@ check_follow_fragments(follow_info_t *follow_info, gboolean is_server, guint32 a if (fragment_entry == NULL) return FALSE; + fragment = (follow_record_t*)fragment_entry->data; + lowest_seq = fragment->seq; + for (; fragment_entry != NULL; fragment_entry = g_list_next(fragment_entry)) { fragment = (follow_record_t*)fragment_entry->data; - lowest_seq = fragment->seq; if( GT_SEQ(lowest_seq, fragment->seq) ) { lowest_seq = fragment->seq; @@ -1085,6 +1087,14 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo, is_server = !(addresses_equal(&follow_info->client_ip, &pinfo->src) && follow_info->client_port == pinfo->srcport); follow_record->is_server = is_server; + /* Check whether this frame ACKs fragments in flow from the other direction. + * This happens when frames are not in the capture file, but were actually + * seen by the receiving host (Fixes bug 592). + */ + if (follow_info->fragments[!is_server] != NULL) { + while (check_follow_fragments(follow_info, !is_server, follow_data->tcph->th_ack, pinfo->fd->num)); + } + /* update stream counter */ if (follow_info->bytes_written[is_server] == 0) { @@ -1097,16 +1107,6 @@ follow_tcp_tap_listener(void *tapdata, packet_info *pinfo, return FALSE; } - /* Before adding data for this flow, check whether this frame acks - * fragments that were already seen. This happens when frames are - * not in the capture file, but were actually seen by the - * receiving host (Fixes bug 592). - */ - if (follow_info->fragments[is_server] != NULL) - { - while(check_follow_fragments(follow_info, is_server, follow_data->tcph->th_ack, pinfo->fd->num)); - } - /* if we are here, we have already seen this src, let's try and figure out if this packet is in the right place */ if( LT_SEQ(sequence, follow_info->seq[is_server]) ) { |