Closed amm3 closed 7 years ago
As I dig through the code, I think this issue might be a symptom of something deeper with how sequence numbers are handled with --followstream_ignore_handshake active. When I run it, I sometimes get data out of order and constant reports of missing byte sequences; not having the flag shows a pristine connection reconstruction.
I'm putting this pull request on hold until I can sort out the bigger issue. There will likely be another update soon (hopefully) that should fix the bigger issues I'm seeing. If all goes well, it should make this pull request unnecessary.
Good point. Digging in a little further, I think I see the problem. The Connection constructor sets a default nextoffset for each direction to 0. These are reinitialized to tcp.seq + 1 from the SYN in each direction when not invoking ignore_handshake.
I may see an easy fix.
This pull is unnecessary with #99.
Custom error handler changed to not report missing bytes when expected sequence number is 0. This condition occurs when using the --followstream_ignore_handshake flag even though no bytes were dropped.
Yes, there is an outside chance that the real expected sequence would be 0, but it seems like a low enough chance to implement this way. Thoughts?
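The false missing-bytes report discussed in this thread can be reproduced with a small model of one connection direction. This is an added example, not the project's code and not the change made in #99: `Direction`, `replay`, `ISN` and the segment values are constructed for illustration, and seeding `nextoffset` from the first observed segment is an assumed fix, shown beside the default of 0.

```python
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

class Direction:
    """Hypothetical tracker for the next expected sequence number of one side."""

    def __init__(self, seed_from_first_segment):
        self.nextoffset = 0       # default described in the thread
        self.synced = False       # True once nextoffset reflects real traffic
        self.seed = seed_from_first_segment
        self.data = b""
        self.missing = []         # (expected_seq, gap_length) reports

    def on_syn(self, seq):
        # Normal path: the SYN consumes one sequence number.
        self.nextoffset = (seq + 1) % MOD
        self.synced = True

    def on_data(self, seq, payload):
        if not self.synced and self.seed:
            # No SYN was seen (handshake ignored): adopt the first segment's seq.
            self.nextoffset = seq
            self.synced = True
        gap = (seq - self.nextoffset) % MOD
        if gap >= MOD // 2:
            return                # old or retransmitted segment, skipped here
        if gap > 0:
            self.missing.append((self.nextoffset, gap))
        self.data += payload
        self.nextoffset = (seq + len(payload)) % MOD

# Constructed capture: three data segments with a real 4-byte hole before the last.
ISN = 999_999
CAPTURE = [(1_000_000, b"GET "), (1_000_004, b"/ HT"), (1_000_012, b"1.1")]

def replay(segments, saw_syn, seed_from_first_segment):
    d = Direction(seed_from_first_segment)
    if saw_syn:
        d.on_syn(ISN)
    for seq, payload in segments:
        d.on_data(seq, payload)
    return d

if __name__ == "__main__":
    for saw_syn, seed in [(True, False), (False, False), (False, True)]:
        d = replay(CAPTURE, saw_syn, seed)
        print(f"syn={saw_syn} seed={seed} missing={d.missing}")
```

Without the SYN and without seeding, the first report has an expected sequence number of 0, which is the condition the error handler in this pull request suppresses; the real 4-byte hole is reported in all three runs.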