Wireshark mailing list archives

Re: TCP and IP reassembling code


From: Guy Harris <guy () alum mit edu>
Date: Wed, 9 Apr 2014 09:57:38 -0700


On Apr 9, 2014, at 9:26 AM, Hadriel Kaplan <hadriel.kaplan () oracle com> wrote:

> On Apr 9, 2014, at 12:09 PM, Aaron Lewis <the.warl0ck.1989 () gmail com> wrote:

>> Hi

>> Where can I find the TCP and IP reassembling code in Wireshark,

> epan/reassemble.h
> epan/reassemble.c

...and the code that calls it in packet-ip.c, packet-ipv6.c, and packet-tcp.c.

Note that TCP reassembly is more complicated.  Most protocols that involve some form of fragmentation and reassembly 
define it at the protocol layer, so only the protocol's dissector is involved.  TCP, however, has no notion of packets 
in the service it offers; the service it offers is a byte stream with no packet boundaries in it, so reassembly 
involves both TCP *and* the protocol running atop it; that protocol specifies the packet boundaries in the byte stream, 
and its dissector needs to tell the TCP dissector when packets begin and end.

>> Is that re-usable?

> Yes, it's used by a bunch of dissectors. (grep for 'reassembly_table_init')

I.e., "reusable" from within Wireshark.  It wasn't designed to be extracted from Wireshark and used elsewhere, if 
that's the re-use you have in mind; it might be possible to do so, but it'd be significant work.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
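
The point in the message above about TCP carrying no packet boundaries, as an added example that is not part of the original message and is not Wireshark's code: a stand-alone C reassembler for a hypothetical protocol whose PDUs carry a 2-byte big-endian length prefix. The framing, `stream_t`, `feed_segment` and `MAX_PDU` are assumptions, and segment payloads are assumed to arrive in stream order with no overlap or retransmission.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 2     /* assumed framing: 2-byte big-endian body length */
#define MAX_PDU 1024  /* reject larger claimed lengths instead of buffering them */
#define BODY_LEN(s) (((size_t)(s)->buf[0] << 8) | (s)->buf[1])

typedef struct {
    uint8_t  buf[HDR_LEN + MAX_PDU]; /* PDU currently being reassembled */
    size_t   have;                   /* bytes of it buffered so far */
    unsigned pdus;                   /* complete PDUs seen on this stream */
    size_t   last_len;               /* body length of the last complete PDU */
} stream_t;

/* Feed one TCP segment payload. Returns the number of PDUs it completed, or -1
 * if a header claims more than MAX_PDU bytes (the caller should drop the stream). */
int feed_segment(stream_t *s, const uint8_t *seg, size_t len)
{
    int done = 0;
    while (len > 0) {
        /* Until the header is complete, all we know is that we need HDR_LEN bytes. */
        size_t want = s->have < HDR_LEN ? HDR_LEN : HDR_LEN + BODY_LEN(s);
        size_t take = want - s->have;
        if (take > len) take = len;
        memcpy(s->buf + s->have, seg, take);
        s->have += take; seg += take; len -= take;
        if (s->have < HDR_LEN) continue;          /* header split across segments */
        if (BODY_LEN(s) > MAX_PDU) { s->have = 0; return -1; } /* bad length field */
        if (s->have == HDR_LEN + BODY_LEN(s)) {   /* boundary set by the upper protocol */
            s->last_len = BODY_LEN(s);
            s->pdus++; done++;
            s->have = 0;                          /* next byte starts a new PDU */
        }
    }
    return done;
}

int main(void)
{
    /* Constructed stream: PDUs "hello" and "ok", cut at arbitrary segment boundaries. */
    const uint8_t a[] = {0x00}, b[] = {0x05, 'h', 'e', 'l'},
                  c[] = {'l', 'o', 0x00, 0x02, 'o', 'k'};
    stream_t s = {0};
    int r1 = feed_segment(&s, a, sizeof a), r2 = feed_segment(&s, b, sizeof b);
    printf("%d %d %d\n", r1, r2, feed_segment(&s, c, sizeof c));
    return 0;
}
```

The segment boundaries in the sample never line up with PDU boundaries: the first two segments complete nothing, and the third completes both PDUs.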