diff options
author | Evan Huus <eapache@gmail.com> | 2014-01-29 18:04:20 -0500 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2014-01-30 22:11:41 +0000 |
commit | 21e0a63b295a159b5876018eb03d714a4600a8eb (patch) | |
tree | 7b0e20bbae04b5d581de5620adcc6beeebf85aff /wiretap | |
parent | 458b83568399b8bc620a01e8b92dc5cffe7b763e (diff) |
Add remove_last_data_source and fix bug 9169
The OP asked 9169 to be reopened because the capture was spewing ~40GB of output
when dissected with tshark. Investigation showed this was because the HTTP
dissector was requesting ONE_MORE_PACKET reassembly a lot, and TCP was adding
each step as a data-source which was being printed by tshark's hex dump. This
was leading to O(n^2) of output.
To fix, introduce function remove_last_data_source which removes the most recent
data source from the list. If the subdissector in TCP reassembly asks for
ONE_MORE_PACKET, assume it hasn't added any tree items (since it shouldn't have)
and remove the data source since it is unnecessary.
This may break dissectors which add tree items and *then* return
ONE_MORE_PACKET, since they will have their data source removed out from under
them. I believe those cases should be fixed to not add tree items until they're
sure they have enough data.
Change-Id: Iff07f959b8b8bd1acda9bff03f7c8684901ba8aa
Reviewed-on: https://code.wireshark.org/review/38
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'wiretap')
0 files changed, 0 insertions, 0 deletions