Wireshark mailing list archives
Re: save_fragmented
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 28 Sep 2015 15:14:49 -0400
On 09/25/15 07:32, João Valverde wrote:
Hi, What's the use case for save_fragmented? The documentation doesn't explain why it's there: https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html The context leads me to think that save_fragmented is only relevant in this case because the example deals with a custom fragmentation protocol over UDP... Maybe for IP-in-IP it would be significant too but could someone please clarify for me the intended usage? Does something else happen using pinfo->fragmented after the IPv4/IPv6 dissector returns?
pinfo->fragmented is useful for exception processing: it should be set to TRUE when a subdissector is called on a fragment of a message so that, when that subdissector runs off the end of the (short) PDU (generating an exception), Wireshark will tell the user it's an "unreassembled packet" rather than a "malformed packet."
It should be set back to the saved value so that if there's another PDU in the frame (which might not be fragmented--yes, that would be weird in some protocols but it might be normal in others) then Wireshark will do the right thing if that PDU's subdissector (also) runs off the end of the TVB. That is, if the 2nd (non-fragmented) PDU's subdissector runs off the end of the TVB Wireshark will correctly report "malformed packet."
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- save_fragmented João Valverde (Sep 25)
- Re: save_fragmented Jeff Morriss (Sep 28)