2001-06-08 06:27:16 +00:00
|
|
|
/* reassemble.h
|
|
|
|
* Declarations of outines for {fragment,segment} reassembly
|
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-06-08 06:27:16 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-06-08 06:27:16 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-06-08 06:27:16 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-06-08 06:27:16 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2001-06-08 06:27:16 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* make sure that all flags that are set in a fragment entry is also set for
|
|
|
|
* the flags field of fd_head !!!
|
|
|
|
*/
|
|
|
|
|
2012-01-19 22:55:37 +00:00
|
|
|
#ifndef REASSEMBLE_H
|
|
|
|
#define REASSEMBLE_H
|
|
|
|
|
2013-03-01 23:53:11 +00:00
|
|
|
#include "ws_symbol_export.h"
|
|
|
|
|
2001-06-08 06:27:16 +00:00
|
|
|
/* only in fd_head: packet is defragmented */
|
|
|
|
#define FD_DEFRAGMENTED 0x0001
|
|
|
|
|
|
|
|
/* there are overlapping fragments */
|
|
|
|
#define FD_OVERLAP 0x0002
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/* overlapping fragments contain different data */
|
|
|
|
#define FD_OVERLAPCONFLICT 0x0004
|
2001-06-08 06:27:16 +00:00
|
|
|
|
|
|
|
/* more than one fragment which indicates end-of data */
|
|
|
|
#define FD_MULTIPLETAILS 0x0008
|
|
|
|
|
When we throw a reassembly error, remember the error, so that, if we
revisit this reassembly (in a multi-pass program such as Wireshark, or
TShark with -2), we'll throw the same error.
In fragment_set_tot_len(), allow the length to be set to a value that's
before the offset of existing fragments; we'll catch that later when the
reassembly completes. This lets us handle some problems with DTLS less
confusingly.
When adding frames to an already-completed reassembly, check for
fragments that overlap existing fragments or go past the end of the
reassembly, and report errors.
When completing a reassembly, make the buffer for the reassembled data
big enough to contain the specified data length for the reassembly, even
if that's less than the offset + length of the last fragment. Flag all
fragments that go past that length as "too long", and only copy out what
part of them fits, if any. That lets us flag the correct fragment or
fragments as being "too long".
When adding fragments, do some additional checks, even if we're not
doing the first pass through the packets, so errors that show up in the
first pass also show up on subsequent passes.
svn path=/trunk/; revision=48909
2013-04-18 02:31:45 +00:00
|
|
|
/* fragment starts before the end of the datagram but extends
|
|
|
|
past the end of the datagram */
|
2001-06-08 06:27:16 +00:00
|
|
|
#define FD_TOOLONGFRAGMENT 0x0010
|
|
|
|
|
2013-07-14 14:42:05 +00:00
|
|
|
/* fragment tvb is subset, don't tvb_free() it */
|
|
|
|
#define FD_SUBSET_TVB 0x0020
|
2002-02-03 23:28:38 +00:00
|
|
|
|
|
|
|
/* this flag is used to request fragment_add to continue the reassembly process */
|
|
|
|
#define FD_PARTIAL_REASSEMBLY 0x0040
|
|
|
|
|
2001-12-15 05:40:32 +00:00
|
|
|
/* fragment offset is indicated by sequence number and not byte offset
|
|
|
|
into the defragmented packet */
|
|
|
|
#define FD_BLOCKSEQUENCE 0x0100
|
|
|
|
|
2007-02-21 06:19:03 +00:00
|
|
|
/* if REASSEMBLE_FLAGS_CHECK_DATA_PRESENT is set, and the first fragment is
|
|
|
|
* incomplete, this flag is set in the flags word on the fd_head returned.
|
|
|
|
*
|
|
|
|
* It's all a fudge to preserve historical behaviour.
|
|
|
|
*/
|
|
|
|
#define FD_DATA_NOT_PRESENT 0x0200
|
|
|
|
|
2009-10-15 19:26:00 +00:00
|
|
|
/* This flag is set in (only) fd_head to denote that datalen has been set to a valid value.
|
2007-02-21 06:19:03 +00:00
|
|
|
* It's implied by FD_DEFRAGMENTED (we must know the total length of the
|
|
|
|
* datagram if we have defragmented it...)
|
|
|
|
*/
|
|
|
|
#define FD_DATALEN_SET 0x0400
|
|
|
|
|
2013-07-17 21:12:24 +00:00
|
|
|
typedef struct _fragment_item {
|
|
|
|
struct _fragment_item *next;
|
When we throw a reassembly error, remember the error, so that, if we
revisit this reassembly (in a multi-pass program such as Wireshark, or
TShark with -2), we'll throw the same error.
In fragment_set_tot_len(), allow the length to be set to a value that's
before the offset of existing fragments; we'll catch that later when the
reassembly completes. This lets us handle some problems with DTLS less
confusingly.
When adding frames to an already-completed reassembly, check for
fragments that overlap existing fragments or go past the end of the
reassembly, and report errors.
When completing a reassembly, make the buffer for the reassembled data
big enough to contain the specified data length for the reassembly, even
if that's less than the offset + length of the last fragment. Flag all
fragments that go past that length as "too long", and only copy out what
part of them fits, if any. That lets us flag the correct fragment or
fragments as being "too long".
When adding fragments, do some additional checks, even if we're not
doing the first pass through the packets, so errors that show up in the
first pass also show up on subsequent passes.
svn path=/trunk/; revision=48909
2013-04-18 02:31:45 +00:00
|
|
|
guint32 frame; /* XXX - does this apply to reassembly heads? */
|
|
|
|
guint32 offset; /* XXX - does this apply to reassembly heads? */
|
|
|
|
guint32 len; /* XXX - does this apply to reassembly heads? */
|
2013-03-25 12:53:26 +00:00
|
|
|
guint32 fragment_nr_offset; /* offset for frame numbering, for sequences, where the
|
|
|
|
* provided fragment number of the first fragment does
|
When we throw a reassembly error, remember the error, so that, if we
revisit this reassembly (in a multi-pass program such as Wireshark, or
TShark with -2), we'll throw the same error.
In fragment_set_tot_len(), allow the length to be set to a value that's
before the offset of existing fragments; we'll catch that later when the
reassembly completes. This lets us handle some problems with DTLS less
confusingly.
When adding frames to an already-completed reassembly, check for
fragments that overlap existing fragments or go past the end of the
reassembly, and report errors.
When completing a reassembly, make the buffer for the reassembled data
big enough to contain the specified data length for the reassembly, even
if that's less than the offset + length of the last fragment. Flag all
fragments that go past that length as "too long", and only copy out what
part of them fits, if any. That lets us flag the correct fragment or
fragments as being "too long".
When adding fragments, do some additional checks, even if we're not
doing the first pass through the packets, so errors that show up in the
first pass also show up on subsequent passes.
svn path=/trunk/; revision=48909
2013-04-18 02:31:45 +00:00
|
|
|
* not start with 0
|
|
|
|
* XXX - does this apply only to reassembly heads? */
|
2007-02-21 06:19:03 +00:00
|
|
|
guint32 datalen; /* Only valid in first item of list and when
|
|
|
|
* flags&FD_DATALEN_SET is set;
|
|
|
|
* number of bytes or (if flags&FD_BLOCKSEQUENCE set)
|
|
|
|
* segments in the datagram */
|
2003-04-09 09:04:08 +00:00
|
|
|
guint32 reassembled_in; /* frame where this PDU was reassembled,
|
|
|
|
only valid in the first item of the list
|
|
|
|
and when FD_DEFRAGMENTED is set*/
|
When we throw a reassembly error, remember the error, so that, if we
revisit this reassembly (in a multi-pass program such as Wireshark, or
TShark with -2), we'll throw the same error.
In fragment_set_tot_len(), allow the length to be set to a value that's
before the offset of existing fragments; we'll catch that later when the
reassembly completes. This lets us handle some problems with DTLS less
confusingly.
When adding frames to an already-completed reassembly, check for
fragments that overlap existing fragments or go past the end of the
reassembly, and report errors.
When completing a reassembly, make the buffer for the reassembled data
big enough to contain the specified data length for the reassembly, even
if that's less than the offset + length of the last fragment. Flag all
fragments that go past that length as "too long", and only copy out what
part of them fits, if any. That lets us flag the correct fragment or
fragments as being "too long".
When adding fragments, do some additional checks, even if we're not
doing the first pass through the packets, so errors that show up in the
first pass also show up on subsequent passes.
svn path=/trunk/; revision=48909
2013-04-18 02:31:45 +00:00
|
|
|
guint32 flags; /* XXX - do some of these apply only to reassembly
|
|
|
|
heads and others only to fragments within
|
|
|
|
a reassembly? */
|
2013-07-14 14:42:05 +00:00
|
|
|
tvbuff_t *tvb_data;
|
When we throw a reassembly error, remember the error, so that, if we
revisit this reassembly (in a multi-pass program such as Wireshark, or
TShark with -2), we'll throw the same error.
In fragment_set_tot_len(), allow the length to be set to a value that's
before the offset of existing fragments; we'll catch that later when the
reassembly completes. This lets us handle some problems with DTLS less
confusingly.
When adding frames to an already-completed reassembly, check for
fragments that overlap existing fragments or go past the end of the
reassembly, and report errors.
When completing a reassembly, make the buffer for the reassembled data
big enough to contain the specified data length for the reassembly, even
if that's less than the offset + length of the last fragment. Flag all
fragments that go past that length as "too long", and only copy out what
part of them fits, if any. That lets us flag the correct fragment or
fragments as being "too long".
When adding fragments, do some additional checks, even if we're not
doing the first pass through the packets, so errors that show up in the
first pass also show up on subsequent passes.
svn path=/trunk/; revision=48909
2013-04-18 02:31:45 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Null if the reassembly had no error; non-null if it had
|
|
|
|
* an error, in which case it's the string for the error.
|
|
|
|
*
|
|
|
|
* XXX - this is wasted in all but the reassembly head; we
|
|
|
|
* should probably have separate data structures for a
|
|
|
|
* reassembly and for the fragments in a reassembly.
|
|
|
|
*/
|
|
|
|
const char *error;
|
2013-07-17 21:12:24 +00:00
|
|
|
} fragment_item, fragment_head;
|
2001-06-08 06:27:16 +00:00
|
|
|
|
2007-02-21 06:19:03 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Flags for fragment_add_seq_*
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* we don't have any sequence numbers - fragments are assumed to appear in
|
|
|
|
* order */
|
|
|
|
#define REASSEMBLE_FLAGS_NO_FRAG_NUMBER 0x0001
|
|
|
|
|
|
|
|
/* a special fudge for the 802.11 dissector */
|
|
|
|
#define REASSEMBLE_FLAGS_802_11_HACK 0x0002
|
|
|
|
|
|
|
|
/* causes fragment_add_seq_key to check that all the fragment data is present
|
|
|
|
* in the tvb, and if not, do something a bit odd. */
|
|
|
|
#define REASSEMBLE_FLAGS_CHECK_DATA_PRESENT 0x0004
|
|
|
|
|
2013-03-22 23:59:54 +00:00
|
|
|
/* a function for creating temporary hash keys */
|
|
|
|
typedef gpointer (*fragment_temporary_key)(const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data);
|
|
|
|
|
|
|
|
/* a function for creating persistent hash keys */
|
|
|
|
typedef gpointer (*fragment_persistent_key)(const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Data structure to keep track of fragments and reassemblies.
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
GHashTable *fragment_table;
|
|
|
|
GHashTable *reassembled_table;
|
|
|
|
fragment_temporary_key temporary_key_func;
|
|
|
|
fragment_persistent_key persistent_key_func;
|
|
|
|
GDestroyNotify free_temporary_key_func; /* temporary key destruction function */
|
|
|
|
} reassembly_table;
|
2007-02-21 06:19:03 +00:00
|
|
|
|
2001-06-08 06:27:16 +00:00
|
|
|
/*
|
2013-03-22 23:59:54 +00:00
|
|
|
* Table of functions for a reassembly table.
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
/* Functions for fragment table */
|
|
|
|
GHashFunc hash_func; /* hash function */
|
|
|
|
GEqualFunc equal_func; /* comparison function */
|
|
|
|
fragment_temporary_key temporary_key_func; /* temporary key creation function */
|
|
|
|
fragment_persistent_key persistent_key_func; /* persistent key creation function */
|
|
|
|
GDestroyNotify free_temporary_key_func; /* temporary key destruction function */
|
|
|
|
GDestroyNotify free_persistent_key_func; /* persistent key destruction function */
|
|
|
|
} reassembly_table_functions;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Tables of functions exported for the benefit of dissectors that
|
|
|
|
* don't need special items in their keys.
|
|
|
|
*/
|
|
|
|
WS_DLL_PUBLIC const reassembly_table_functions
|
|
|
|
addresses_reassembly_table_functions; /* keys have endpoint addresses and an ID */
|
|
|
|
WS_DLL_PUBLIC const reassembly_table_functions
|
|
|
|
addresses_ports_reassembly_table_functions; /* keys have endpoint addresses and ports and an ID */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize/destroy a reassembly table.
|
2012-08-12 20:53:17 +00:00
|
|
|
*
|
|
|
|
* init: If table doesn't exist: create table;
|
|
|
|
* else: just remove any entries;
|
|
|
|
* destroy: remove entries and destroy table;
|
2001-06-08 06:27:16 +00:00
|
|
|
*/
|
2013-03-22 23:59:54 +00:00
|
|
|
WS_DLL_PUBLIC void
|
|
|
|
reassembly_table_init(reassembly_table *table,
|
|
|
|
const reassembly_table_functions *funcs);
|
|
|
|
WS_DLL_PUBLIC void
|
|
|
|
reassembly_table_destroy(reassembly_table *table);
|
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key. There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing
mis-reassembly.
Add a routine "fragment_add_seq_check()", which
if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;
if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;
if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.
Add reassembly support for fragmented 802.11 frames. Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).
svn path=/trunk/; revision=5177
2002-04-17 08:25:05 +00:00
|
|
|
|
2001-06-08 06:27:16 +00:00
|
|
|
/*
|
2013-03-22 23:59:54 +00:00
|
|
|
* This function adds a new fragment to the reassembly table
|
2001-06-08 06:27:16 +00:00
|
|
|
* If this is the first fragment seen for this datagram, a new entry
|
2013-03-22 23:59:54 +00:00
|
|
|
* is created in the table, otherwise this fragment is just added
|
2001-06-08 06:27:16 +00:00
|
|
|
* to the linked list of fragments for this packet.
|
|
|
|
* The list of fragments for a specific datagram is kept sorted for
|
|
|
|
* easier handling.
|
|
|
|
*
|
|
|
|
* Returns a pointer to the head of the fragment data list if we have all the
|
|
|
|
* fragments, NULL otherwise.
|
|
|
|
*/
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_add(reassembly_table *table, tvbuff_t *tvb, const int offset,
|
|
|
|
const packet_info *pinfo, const guint32 id, const void *data,
|
|
|
|
const guint32 frag_offset, const guint32 frag_data_len,
|
|
|
|
const gboolean more_frags);
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_add_multiple_ok(reassembly_table *table, tvbuff_t *tvb,
|
|
|
|
const int offset, const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data,
|
|
|
|
const guint32 frag_offset,
|
|
|
|
const guint32 frag_data_len,
|
|
|
|
const gboolean more_frags);
|
2001-11-24 09:36:40 +00:00
|
|
|
|
2008-03-15 20:14:29 +00:00
|
|
|
/*
|
2013-03-22 23:59:54 +00:00
|
|
|
* This routine extends fragment_add to use a "reassembled_table"
|
|
|
|
* included in the reassembly table.
|
2008-03-15 20:14:29 +00:00
|
|
|
*
|
|
|
|
* If, after processing this fragment, we have all the fragments, they
|
|
|
|
* remove that from the fragment hash table if necessary and add it
|
|
|
|
* to the table of reassembled fragments, and return a pointer to the
|
|
|
|
* head of the fragment list.
|
|
|
|
*/
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_add_check(reassembly_table *table, tvbuff_t *tvb, const int offset,
|
|
|
|
const packet_info *pinfo, const guint32 id,
|
|
|
|
const void *data, const guint32 frag_offset,
|
|
|
|
const guint32 frag_data_len, const gboolean more_frags);
|
We can't use the frame_data structure as a key structure when looking
for reassembled frames - in Tethereal, there's only one frame_data
structure used for all frames. Instead, use the frame number itself as
the key.
Add a "fragment_add_check()" routine, for fragments where there's a
fragment offset rather than a fragment sequence number, which does the
same sort of thing as "fragment_add_seq_check()" - i.e., once reassembly
is done, it puts the reassembled fragment into a separate hash table, so
that there're only incomplete reassemblies in the fragment hash table.
That's necessary in order to handle cases where the packet ID field can
be reused.
Use that routine for IPv4 fragment reassembly - IP IDs can be reused (in
fact, RFC 791 suggests that doing so might be a feature:
It is appropriate for some higher level protocols to choose the
identifier. For example, TCP protocol modules may retransmit an
identical TCP segment, and the probability for correct reception
would be enhanced if the retransmission carried the same identifier
as the original transmission since fragments of either datagram
could be used to construct a correct TCP segment.
and RFC 1122 says that it's permitted to do so, although it also says
"we believe that retransmitting the same Identification field is not
useful":
3.2.1.5 Identification: RFC-791 Section 3.2
When sending an identical copy of an earlier datagram, a
host MAY optionally retain the same Identification field in
the copy.
DISCUSSION:
Some Internet protocol experts have maintained that
when a host sends an identical copy of an earlier
datagram, the new copy should contain the same
Identification value as the original. There are two
suggested advantages: (1) if the datagrams are
fragmented and some of the fragments are lost, the
receiver may be able to reconstruct a complete datagram
from fragments of the original and the copies; (2) a
congested gateway might use the IP Identification field
(and Fragment Offset) to discard duplicate datagrams
from the queue.
However, the observed patterns of datagram loss in the
Internet do not favor the probability of retransmitted
fragments filling reassembly gaps, while other
mechanisms (e.g., TCP repacketizing upon
retransmission) tend to prevent retransmission of an
identical datagram [IP:9]. Therefore, we believe that
retransmitting the same Identification field is not
useful. Also, a connectionless transport protocol like
UDP would require the cooperation of the application
programs to retain the same Identification value in
identical datagrams.
and, in any case, I've seen that in at least one capture, and it
confuses the current reassembly code).
Unfortunately, that means that fragments other than the last fragment
can't be tagged with the frame number in which the reassembly was done;
see the comment in packet-ip.c for a discussion of that problem.
svn path=/trunk/; revision=7506
2003-04-20 00:11:28 +00:00
|
|
|
|
2002-04-17 04:54:30 +00:00
|
|
|
/* same as fragment_add() but this one assumes frag_number is a block
|
|
|
|
sequence number. note that frag_number is 0 for the first fragment. */
|
2007-02-21 06:19:03 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* These functions add a new fragment to the fragment hash table,
|
|
|
|
* assuming that frag_number is a block sequence number (starting from zero for
|
|
|
|
* the first fragment of each datagram).
|
|
|
|
*
|
|
|
|
* If this is the first fragment seen for this datagram, a new
|
2013-07-17 21:12:24 +00:00
|
|
|
* "fragment_head" structure is allocated to refer to the reassembled
|
2007-02-21 06:19:03 +00:00
|
|
|
* packet, and:
|
|
|
|
*
|
|
|
|
* if "more_frags" is false, and either we have no sequence numbers, or
|
|
|
|
* are using the 802.11 hack, it is assumed that this is the only fragment
|
|
|
|
* in the datagram. The structure is not added to the hash
|
|
|
|
* table, and not given any fragments to refer to, but is just returned.
|
|
|
|
*
|
|
|
|
* In this latter case reassembly wasn't done (since there was only one
|
|
|
|
* fragment in the packet); dissectors can check the 'next' pointer on the
|
|
|
|
* returned list to see if this case was hit or not.
|
|
|
|
*
|
|
|
|
* Otherwise, this fragment is just added to the linked list of fragments
|
2013-07-17 21:12:24 +00:00
|
|
|
* for this packet; the fragment_item is also added to the fragment hash if
|
2007-02-21 06:19:03 +00:00
|
|
|
* necessary.
|
|
|
|
*
|
|
|
|
* If this packet completes assembly, these functions return the head of the
|
|
|
|
* fragment data; otherwise, they return null.
|
|
|
|
*/
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_add_seq(reassembly_table *table, tvbuff_t *tvb, const int offset,
|
2014-02-25 20:42:35 +00:00
|
|
|
const packet_info *pinfo, const guint32 id, const void *data,
|
2013-03-22 23:59:54 +00:00
|
|
|
const guint32 frag_number, const guint32 frag_data_len,
|
|
|
|
const gboolean more_frags, const guint32 flags);
|
2004-06-24 07:43:24 +00:00
|
|
|
|
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key. There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing
mis-reassembly.
Add a routine "fragment_add_seq_check()", which
if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;
if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;
if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.
Add reassembly support for fragmented 802.11 frames. Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).
svn path=/trunk/; revision=5177
2002-04-17 08:25:05 +00:00
|
|
|
/*
|
2013-03-22 23:59:54 +00:00
|
|
|
* These routines extend fragment_add_seq to use the "reassembled_table".
|
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key. There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing
mis-reassembly.
Add a routine "fragment_add_seq_check()", which
if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;
if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;
if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.
Add reassembly support for fragmented 802.11 frames. Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).
svn path=/trunk/; revision=5177
2002-04-17 08:25:05 +00:00
|
|
|
*
|
2003-12-20 03:21:20 +00:00
|
|
|
* If, after processing this fragment, we have all the fragments, they
|
|
|
|
* remove that from the fragment hash table if necessary and add it
|
|
|
|
* to the table of reassembled fragments, and return a pointer to the
|
|
|
|
* head of the fragment list.
|
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key. There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing
mis-reassembly.
Add a routine "fragment_add_seq_check()", which
if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;
if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;
if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.
Add reassembly support for fragmented 802.11 frames. Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).
svn path=/trunk/; revision=5177
2002-04-17 08:25:05 +00:00
|
|
|
*/
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_add_seq_check(reassembly_table *table, tvbuff_t *tvb, const int offset,
|
2010-05-24 15:13:02 +00:00
|
|
|
const packet_info *pinfo, const guint32 id,
|
2013-03-22 23:59:54 +00:00
|
|
|
const void *data,
|
|
|
|
const guint32 frag_number, const guint32 frag_data_len,
|
|
|
|
const gboolean more_frags);
|
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key. There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing
mis-reassembly.
Add a routine "fragment_add_seq_check()", which
if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;
if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;
if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.
Add reassembly support for fragmented 802.11 frames. Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).
svn path=/trunk/; revision=5177
2002-04-17 08:25:05 +00:00
|
|
|
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_add_seq_802_11(reassembly_table *table, tvbuff_t *tvb,
|
|
|
|
const int offset, const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data,
|
2010-05-24 15:13:02 +00:00
|
|
|
const guint32 frag_number, const guint32 frag_data_len,
|
|
|
|
const gboolean more_frags);
|
2003-12-20 03:21:20 +00:00
|
|
|
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_add_seq_next(reassembly_table *table, tvbuff_t *tvb, const int offset,
|
|
|
|
const packet_info *pinfo, const guint32 id,
|
|
|
|
const void *data, const guint32 frag_data_len,
|
|
|
|
const gboolean more_frags);
|
2002-10-24 06:17:36 +00:00
|
|
|
|
2013-03-22 23:59:54 +00:00
|
|
|
WS_DLL_PUBLIC void
|
|
|
|
fragment_start_seq_check(reassembly_table *table, const packet_info *pinfo,
|
2014-02-25 20:42:35 +00:00
|
|
|
const guint32 id, const void *data,
|
2010-04-03 18:18:50 +00:00
|
|
|
const guint32 tot_len);
|
2007-08-15 22:24:05 +00:00
|
|
|
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_end_seq_next(reassembly_table *table, const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data);
|
2013-03-25 12:53:26 +00:00
|
|
|
|
|
|
|
/* To specify the offset for the fragment numbering, the first fragment is added with 0, and
|
|
|
|
* afterwards this offset is set. All additional calls to off_seq_check will calculate
|
|
|
|
* the number in sequence in regards to the offset */
|
|
|
|
WS_DLL_PUBLIC void
|
|
|
|
fragment_add_seq_offset(reassembly_table *table, const packet_info *pinfo, const guint32 id,
|
|
|
|
const void *data, const guint32 fragment_offset);
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/* to specify how much to reassemble, for fragmentation where last fragment can not be
|
2001-11-24 09:36:40 +00:00
|
|
|
* identified by flags or such.
|
2001-12-15 05:40:32 +00:00
|
|
|
* note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment.
|
2002-08-28 21:04:11 +00:00
|
|
|
* i.e. since the block numbers start at 0, if we specify tot_len==2, that
|
2001-12-15 05:40:32 +00:00
|
|
|
* actually means we want to defragment 3 blocks, block 0, 1 and 2.
|
|
|
|
*
|
2001-11-24 09:36:40 +00:00
|
|
|
*/
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC void
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_set_tot_len(reassembly_table *table, const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data, const guint32 tot_len);
|
2002-05-24 11:51:14 +00:00
|
|
|
|
|
|
|
/* to resad whatever totlen previously set */
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC guint32
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_get_tot_len(reassembly_table *table, const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data);
|
2002-05-24 11:51:14 +00:00
|
|
|
|
2002-02-03 23:28:38 +00:00
|
|
|
/*
|
|
|
|
* This function will set the partial reassembly flag(FD_PARTIAL_REASSEMBLY) for a fh.
|
|
|
|
* When this function is called, the fh MUST already exist, i.e.
|
|
|
|
* the fh MUST be created by the initial call to fragment_add() before
|
2002-08-28 21:04:11 +00:00
|
|
|
* this function is called. Also note that this function MUST be called to indicate
|
2002-02-03 23:28:38 +00:00
|
|
|
* a fh will be extended (increase the already stored data). After calling this function,
|
|
|
|
* and if FD_DEFRAGMENTED is set, the reassembly process will be continued.
|
|
|
|
*/
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC void
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_set_partial_reassembly(reassembly_table *table,
|
|
|
|
const packet_info *pinfo, const guint32 id,
|
|
|
|
const void *data);
|
2001-11-24 09:36:40 +00:00
|
|
|
|
|
|
|
/* This function is used to check if there is partial or completed reassembly state
|
|
|
|
* matching this packet. I.e. Are there reassembly going on or not for this packet?
|
|
|
|
*/
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_get(reassembly_table *table, const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data);
|
2001-11-24 09:36:40 +00:00
|
|
|
|
2005-09-12 00:16:57 +00:00
|
|
|
/* The same for the reassemble table */
|
2006-01-22 16:47:16 +00:00
|
|
|
/* id *must* be the frame number for this to work! */
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_get_reassembled(reassembly_table *table, const guint32 id);
|
2005-09-12 00:16:57 +00:00
|
|
|
|
2013-07-17 21:12:24 +00:00
|
|
|
WS_DLL_PUBLIC fragment_head *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_get_reassembled_id(reassembly_table *table, const packet_info *pinfo,
|
|
|
|
const guint32 id);
|
2006-01-22 16:47:16 +00:00
|
|
|
|
2001-11-24 09:36:40 +00:00
|
|
|
/* This will free up all resources and delete reassembly state for this PDU.
|
|
|
|
* Except if the PDU is completely reassembled, then it would NOT deallocate the
|
2013-07-14 14:42:05 +00:00
|
|
|
* buffer holding the reassembled data but instead return the TVB
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
|
|
|
* So, if you call fragment_delete and it returns non-NULL, YOU are responsible to
|
2013-07-14 14:42:05 +00:00
|
|
|
* tvb_free() .
|
2001-11-24 09:36:40 +00:00
|
|
|
*/
|
2013-07-14 14:42:05 +00:00
|
|
|
WS_DLL_PUBLIC tvbuff_t *
|
2013-03-22 23:59:54 +00:00
|
|
|
fragment_delete(reassembly_table *table, const packet_info *pinfo,
|
|
|
|
const guint32 id, const void *data);
|
2002-06-05 11:21:49 +00:00
|
|
|
|
2012-09-07 02:09:59 +00:00
|
|
|
/* This struct holds references to all the tree and field handles used when
|
|
|
|
* displaying the reassembled fragment tree in the packet details view. A
|
|
|
|
* dissector will populate this structure with its own tree and field handles
|
|
|
|
* and then invoke show_fragement_tree to have those items added to the packet
|
|
|
|
* details tree.
|
|
|
|
*/
|
2002-06-05 11:21:49 +00:00
|
|
|
typedef struct _fragment_items {
|
2012-09-07 02:09:59 +00:00
|
|
|
gint *ett_fragment;
|
|
|
|
gint *ett_fragments;
|
|
|
|
|
2013-10-09 21:59:41 +00:00
|
|
|
int *hf_fragments; /* FT_NONE */
|
2012-09-07 02:09:59 +00:00
|
|
|
int *hf_fragment; /* FT_FRAMENUM */
|
|
|
|
int *hf_fragment_overlap; /* FT_BOOLEAN */
|
|
|
|
int *hf_fragment_overlap_conflict; /* FT_BOOLEAN */
|
|
|
|
int *hf_fragment_multiple_tails; /* FT_BOOLEAN */
|
|
|
|
int *hf_fragment_too_long_fragment; /* FT_BOOLEAN */
|
|
|
|
int *hf_fragment_error; /* FT_FRAMENUM */
|
|
|
|
int *hf_fragment_count; /* FT_UINT32 */
|
|
|
|
int *hf_reassembled_in; /* FT_FRAMENUM */
|
|
|
|
int *hf_reassembled_length; /* FT_UINT32 */
|
|
|
|
int *hf_reassembled_data; /* FT_BYTES */
|
|
|
|
|
|
|
|
const char *tag;
|
2002-06-05 11:21:49 +00:00
|
|
|
} fragment_items;
|
2002-06-07 10:11:41 +00:00
|
|
|
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC tvbuff_t *
|
2010-04-03 18:18:50 +00:00
|
|
|
process_reassembled_data(tvbuff_t *tvb, const int offset, packet_info *pinfo,
|
2013-07-17 21:12:24 +00:00
|
|
|
const char *name, fragment_head *fd_head, const fragment_items *fit,
|
2003-04-20 11:36:16 +00:00
|
|
|
gboolean *update_col_infop, proto_tree *tree);
|
2003-04-20 08:06:01 +00:00
|
|
|
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC gboolean
|
2013-07-17 21:12:24 +00:00
|
|
|
show_fragment_tree(fragment_head *ipfd_head, const fragment_items *fit,
|
2005-06-02 18:52:55 +00:00
|
|
|
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
|
2002-06-07 10:11:41 +00:00
|
|
|
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC gboolean
|
2013-07-17 21:12:24 +00:00
|
|
|
show_fragment_seq_tree(fragment_head *ipfd_head, const fragment_items *fit,
|
2005-06-02 20:55:58 +00:00
|
|
|
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
|
2012-01-19 22:55:37 +00:00
|
|
|
|
|
|
|
#endif
|