Wireshark mailing list archives

Re: Reassembly of split fragments


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Wed, 26 Jan 2022 22:54:19 +0100

Hi,

A few remarks. The mux27010 dissector is made to dissect frames of type WTAP_ENCAP_MUX27010, or PCAP link layer header 
type, as defined at https://tcpdump.org/linktypes/LINKTYPE_MUX27010.html. 
There it states what the layout in the PCAP packets ought to be. 
All your variations do not fall into that category, so shouldn't use this PCAP link layer header type, IMHO. Opinions 
on this vary.
Instead you could use one of the USER link layer types (assuming that this is for private use only) in your capture, 
create a dissector for that link layer header type, and handle the defragmentation in there. Once you get that going, 
your complete mux27010 PDUs can then be handed to the (unmodified) mux27010 dissector, which handles the rest. 
As for your defragmentation code, all information should be there in the calls to fragment_add and 
process_reassembled_data for them to determine what the PDU boundaries are. This way you get to be handed single 
mux27010 PDUs, ready for the mux27010 dissector. The ‘rest of the data’ stays in the reassembly table and comes out 
once enough data has been added to it.
Hope it helps


On 26 Jan 2022, at 10:43, Lars Poeschel <poeschel () lemonage de> wrote:

Hello wireshark devs,

I am currently struggling with reassembly of fragments of the mux27010
protocol.
There is a dissector for the mux27010 protocol in wireshark
(packet-mux27010.c) but it does not work with fragments. The mux27010
works on top of a serial line (uart) so there is no ethernet, no IP, no
TCP involved so far. I capture the serial line traffic in pcap format,
but it has no understanding of the mux27010 protocol, so there can be
any possible combination of mux PDU and pcap capture unit in there,
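
The buffering behaviour described in the reply above (complete PDUs are handed on, the rest of the data stays behind until enough has been added) as an added stand-alone C example. It is not code from this thread or from Wireshark and does not use fragment_add or process_reassembled_data. Assumptions: 3GPP TS 27.010 basic-option framing (flag 0xF9, address, control, one or two length octets, information, FCS, closing flag), every frame carrying its own opening and closing flag, FCS not verified; the `reasm_*` names and `BUF_MAX` are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define MUX_FLAG 0xF9  /* frame delimiter (assumed basic-option framing) */
#define BUF_MAX  512   /* hypothetical cap on carried-over bytes */

/* Bytes carried over between capture units: the 'rest of the data'. */
typedef struct { uint8_t buf[BUF_MAX]; size_t len; } reasm_t;

/* Append one capture unit; returns -1 (writing nothing) if it does not fit. */
int reasm_add(reasm_t *r, const uint8_t *data, size_t n) {
    if (n > BUF_MAX - r->len) return -1;
    memcpy(r->buf + r->len, data, n);
    r->len += n;
    return 0;
}

static void reasm_drop(reasm_t *r, size_t n) {   /* discard the first n bytes */
    memmove(r->buf, r->buf + n, r->len - n);
    r->len -= n;
}

/* Copy one complete PDU to out; returns its length, or 0 if more data is needed. */
size_t reasm_next_pdu(reasm_t *r, uint8_t *out, size_t cap) {
    for (;;) {
        size_t s = 0, hdr = 4, info, total;
        while (s < r->len && r->buf[s] != MUX_FLAG) s++;          /* skip noise */
        while (s + 1 < r->len && r->buf[s + 1] == MUX_FLAG) s++;  /* flag run */
        reasm_drop(r, s);
        if (r->len < 4) return 0;        /* flag, address, control, length */
        info = r->buf[3] >> 1;
        if (!(r->buf[3] & 1)) {          /* EA=0: a second length octet follows */
            if (r->len < 5) return 0;
            info |= (size_t)r->buf[4] << 7;
            hdr = 5;
        }
        total = hdr + info + 2;          /* + FCS + closing flag */
        if (total <= cap && total <= BUF_MAX) {
            if (r->len < total) return 0;            /* incomplete: keep buffering */
            if (r->buf[total - 1] == MUX_FLAG) {
                memcpy(out, r->buf, total);
                reasm_drop(r, total);
                return total;
            }
        }
        reasm_drop(r, 1);                /* oversized or bad closing flag: resync */
    }
}
```

Call `reasm_add` once per capture unit, then call `reasm_next_pdu` until it returns 0; the length field comes from the capture, so it is checked against both the buffer cap and the caller's output size before any copy.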
