Wireshark mailing list archives
Re: fragments and reassembly
From: Mike Morrin <morrinmike () gmail com>
Date: Thu, 30 Aug 2012 07:15:28 +0100
On 30/08/2012 02:09, mmann78 () netscape net wrote:
It appears that the reassembly API doesn't handle inserting "known middle" fragments (preferring them to be known consecutively). This appears to be at least one of the reasons the SCTP dissector does its own reassembly and why the new Bluetooth dissector from bug 7675 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7675) may need to do its own reassembly as well. Am I understanding the reassembly API correctly or am I just not being creative enough to understand how to represent a "known middle" fragment with the current API?
The GPRS SNDCP (acknowledged mode) protocol is another first-middle-last protocol that isn't handled by the current reassemble.c, see comment 1 in bug 2857.
I think it manages to insert "known middle fragments" OK, but reassembly generally fails for other reasons.
I came to the conclusion that it is not practical to add this type of reassembly to the existing functions, and a new function is needed.
The hard part (IMO) is garbage collection for protocols where the segment number wraps around frequently, if a dropped packet (in the trace but not end to end) blocks the reassembly of a PDU, then multiple PDUs can get mashed together when the segment number is next used.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- fragments and reassembly mmann78 (Aug 29)
- Re: fragments and reassembly Mike Morrin (Aug 29)