forked from osmocom/wireshark
ca42331437
Currently out-of-order segments will result in cutting a stream into two pieces while the out-of-order segment itself is ignored. For example, a stream of segments "ABDCE" is interpreted as "AB", "DE" with "C" ignored. This behavior breaks TLS decryption or prevent application layer PDUs (such as HTTP requests/responses) from being reconstructed. To fix this, buffer segments when a gap is detected. The proposed approach extends the "multi-segment PDU" (MSP) mechanism which is normally used for linking multiple, sequential TCP segments into a single PDU. When a gap is detected between segments, it is assumed that the segments within this gap are out-of-order and will be received (or retransmitted) later. The current implementation has a limitation though, if multiple gaps exist, then the subdissector will only be called when all gaps are filled (the subdissector will receive segments later than necessary). For example with "ACEBD", "ABC" can already be processed after "B" is received (with "E" still buffered), but due to how MSP are extended, it must receive "D" too before it reassembles "ABCDE". In practice this could mean that the request/response times between HTTP requests and responses are slightly off, but at least the stream is correct now. (These limitations are documented in the User's Guide.) As the feature fails at least the 802.11 decryption test where packets are missing (instead of OoO), hide this feature behind a preference. Tested with captures containing out-of-order TCP segments from the linked bug reports, comparing the effect of toggling the preference on the summary output of tshark, the verbose output (-V) and the two-pass output (-2 or -2V). Captures marked with "ok" just needed "simple" out-of-order handling. Captures marked with "ok2" additionally required the reassembly API change to set the correct reassembled length. This change does "regress" on bug 10289 though when the preference is enabled as retransmitted single-segment PDUs are now passed to subdissectors. I added a TODO comment for this unrelated cosmetic issue. Bug: 3389 # capture 2907 (HTTP) ok Bug: 4727 # capture 4590 (HTTP) ok Bug: 9461 # capture 12130 (TLS/HTTP/RPC-over-HTTP +key 12131) ok Bug: 12006 # capture 14236 (HTTP) ok2; capture 15261 (HTTP) ok Bug: 13517 # capture 15370 (HTTP) ok; capture 16059 (MQ) ok Bug: 13754 # capture 15593 (MySQL) ok2 Bug: 14649 # capture 16305 (WebSocket) ok Change-Id: If3938c5c1c96db8f7f50e39ea779f623ce657d56 Reviewed-on: https://code.wireshark.org/review/27943 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com> |
||
---|---|---|
.. | ||
baseline | ||
captures | ||
config | ||
keys | ||
lua | ||
suite_dfilter | ||
README.test | ||
config.py | ||
hosts.custom | ||
hosts.global | ||
hosts.personal | ||
subprocesstest.py | ||
suite_capture.py | ||
suite_clopts.py | ||
suite_decryption.py | ||
suite_dissection.py | ||
suite_fileformats.py | ||
suite_io.py | ||
suite_mergecap.py | ||
suite_nameres.py | ||
suite_sharkd.py | ||
suite_text2pcap.py | ||
suite_unittests.py | ||
suite_wslua.py | ||
test.py | ||
util_dump_dhcp_pcap.py |
README.test
Wireshark Tests The main testing script is `test.py`. It will attempt to test as much as possible by default, including packet capture. This means that you will probably either have to supply a capture interface (`--capture-interface <interface>`) or disable capture tests (`--disable-capture`). You must also build the test-programs target in order for the unittests suite to pass. To run all tests from CMake do the following: - Pass `-DTEST_EXTRA_ARGS=--disable-capture` or `-DTEST_EXTRA_ARGS=--capture-interface=<interface>` as needed for your system. - Build the “test” target or run ctest, e.g. `ctest --force-new-ctest-process -j 4 --verbose`. To run all tests directly, run `test.py -p /path/to/wireshark-build/run-directory <capture args>`. To see a list of all options, run `test.py -h` or `test.py --help`. To see a list of all tests, run `test.py -l`. See the “Wireshark Tests” chapter of the Developer's Guide for details.