wireshark: detect and skip obviously broken messages When a TCP segment is lost Wireshark may attempt to start a PDU in the middle of an OpenFlow message. This breaks framing and can make the rest of the capture useless. These checks attempt to detect this and skip this segment, hopefully restarting dissection at the beginning of the next message.

commit: fba8f143a717a13539dc30ee5bde5217b66b3f9e [log] [tgz]
author: Rich Lane <rlane@bigswitch.com> Fri Jun 06 16:24:14 2014 -0700
committer: Rich Lane <rlane@bigswitch.com> Fri Jun 06 16:24:14 2014 -0700
tree: 244152ae2bd2b6137e15eb087df7fdd0dcc65656
parent: ed09bfe4d391f4dbddffa36746b218ed3f5682c1 [diff]
diff --git a/wireshark_gen/templates/openflow.lua b/wireshark_gen/templates/openflow.lua
index fea6676..3d62727 100644
--- a/wireshark_gen/templates/openflow.lua
+++ b/wireshark_gen/templates/openflow.lua

@@ -154,11 +154,14 @@
     current_pkt = pkt
     repeat
         if buf:len() - offset >= 4 then
+            local msg_version = buf(offset,1):uint()
+            local msg_type = buf(offset+1,1):uint()
             local msg_len = buf(offset+2,2):uint()
 
-            if msg_len < 8 then
-                break
-            end
+            -- Detect obviously broken messages
+            if msg_version == 0 or msg_version > 4 then break end
+            if msg_type > 29 then break end
+            if msg_len < 8 then break end
 
             if offset + msg_len > buf:len() then
                 -- we don't have all the data we need yet
commit	fba8f143a717a13539dc30ee5bde5217b66b3f9e	[log] [tgz]
author	Rich Lane <rlane@bigswitch.com>	Fri Jun 06 16:24:14 2014 -0700
committer	Rich Lane <rlane@bigswitch.com>	Fri Jun 06 16:24:14 2014 -0700
tree	244152ae2bd2b6137e15eb087df7fdd0dcc65656
parent	ed09bfe4d391f4dbddffa36746b218ed3f5682c1 [diff]