diff options
| author | Uli Heilmeier <uh@heilmeier.eu> | 2016-09-08 16:00:29 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2016-10-06 04:22:06 +0000 |
| commit | 2bd456df196b02e4f16d20bf7eb440ea46502c66 (patch) | |
| tree | c4de2979abb6a864bede77d85a4cc9e6346aab44 | |
| parent | c95828d6372ff0e3c848e4fced27ae567893cae5 (diff) | |
| download | wireshark-2bd456df196b02e4f16d20bf7eb440ea46502c66.tar.gz wireshark-2bd456df196b02e4f16d20bf7eb440ea46502c66.tar.bz2 wireshark-2bd456df196b02e4f16d20bf7eb440ea46502c66.zip | |
TCP: Fix next sequence number for SYN/FIN packets with payload
The next sequence number is off by one when there is TCP payload
in a SYN or FIN packet (e.g. when using TCP FastOpen).
Bug: 12579
Bug: 12838
Change-Id: Idb68cea4b4dcba39461019c08db09367cbfc6d68
Reviewed-on: https://code.wireshark.org/review/16239
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(cherry picked from commit 12d55fb917dad1aaba8429b24cb1eac49c3cd11f)
Reviewed-on: https://code.wireshark.org/review/17975
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
| -rw-r--r-- | epan/dissectors/packet-tcp.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/epan/dissectors/packet-tcp.c b/epan/dissectors/packet-tcp.c index 1e9af51401..623459bbe0 100644 --- a/epan/dissectors/packet-tcp.c +++ b/epan/dissectors/packet-tcp.c @@ -5523,6 +5523,9 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) /* Compute the sequence number of next octet after this segment. */ nxtseq = tcph->th_seq + tcph->th_seglen; + if ((tcph->th_flags&(TH_SYN|TH_FIN)) && (tcph->th_seglen > 0)) { + nxtseq += 1; + } } } else tcph->th_have_seglen = FALSE; @@ -6033,6 +6036,14 @@ dissect_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) */ proto_tree_add_item(tcp_tree, hf_tcp_reset_cause, tvb, offset, captured_length_remaining, ENC_NA|ENC_ASCII); } else { + /* + * XXX - dissect_tcp_payload() expects the payload length, however + * SYN and FIN increments the nxtseq by one without having + * the data. + */ + if ((tcph->th_flags&(TH_FIN|TH_SYN)) && (tcph->th_seglen > 0)) { + nxtseq -= 1; + } dissect_tcp_payload(tvb, pinfo, offset, tcph->th_seq, nxtseq, tcph->th_sport, tcph->th_dport, tree, tcp_tree, tcpd, &tcpinfo); } |