From fba99bdef13b627d137fea56f2e7a3a6de3faaa0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dr=2E=20Lars=20V=C3=B6lker?=
Date: Wed, 13 Jan 2021 21:52:13 +0100
Subject: [PATCH] DoIP: Make finding start of message more robust

This patch allows the DoIP dissector to better identify the start of messages, if the start of the TCP connection is missing or packet loss occurred in the trace.

Fixes: #17149
---
 epan/dissectors/packet-doip.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/epan/dissectors/packet-doip.c b/epan/dissectors/packet-doip.c
index bf8965980b..56203481e6 100644
--- a/epan/dissectors/packet-doip.c
+++ b/epan/dissectors/packet-doip.c
@@ -678,6 +678,15 @@ dissect_doip_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 static guint
 get_doip_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *p _U_)
 {
+ guint8 ver1 = tvb_get_guint8(tvb, DOIP_VERSION_OFFSET);
+ guint8 ver2 = tvb_get_guint8(tvb, DOIP_INV_VERSION_OFFSET);
+
+ if (ver1 != ((~ver2) & 0xff)) {
+ /* if ver2 is not the inverse of ver1, we are not at the start of a DoIP message! */
+ /* bounds_error: (0 < return < DOIP_HEADER_LEN) */
+ return 1;
+ }
+
 /* PDU Length = length field value + header length */
 return (guint)tvb_get_ntohl(tvb, offset + DOIP_LENGTH_OFFSET) + DOIP_HEADER_LEN;
 }
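Review bot: The two added `tvb_get_guint8()` reads in `get_doip_message_len` use `DOIP_VERSION_OFFSET` and `DOIP_INV_VERSION_OFFSET` as absolute positions and ignore the `offset` argument, whereas the existing length read on the return line uses `offset + DOIP_LENGTH_OFFSET`. If the caller passes a non-zero `offset` (presumably when more than one DoIP message sits in the same reassembled buffer), the check inspects the first message's version bytes instead of the one being measured, so a misaligned later message passes and its untrusted length field is still used. The reads should be `guint8 ver1 = tvb_get_guint8(tvb, offset + DOIP_VERSION_OFFSET);` and `guint8 ver2 = tvb_get_guint8(tvb, offset + DOIP_INV_VERSION_OFFSET);`. The complement test is also a one-byte heuristic that arbitrary payload passes roughly 1 time in 256, which is worth saying in the comment above the `if`, for example `/* heuristic only: random data matches ~1/256, length below is still untrusted */`.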