2001-06-08 06:27:16 +00:00
|
|
|
/* reassemble.h
|
|
|
|
|
* Declarations of outines for {fragment,segment} reassembly
|
|
|
|
|
*
|
2002-06-07 10:11:41 +00:00
|
|
|
* $Id: reassemble.h,v 1.9 2002/06/07 10:11:41 guy Exp $
|
2001-06-08 06:27:16 +00:00
|
|
|
*
|
|
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* make sure that all flags that are set in a fragment entry is also set for
|
|
|
|
|
* the flags field of fd_head !!!
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* only in fd_head: packet is defragmented */
|
|
|
|
|
#define FD_DEFRAGMENTED 0x0001
|
|
|
|
|
|
|
|
|
|
/* there are overlapping fragments */
|
|
|
|
|
#define FD_OVERLAP 0x0002
|
|
|
|
|
|
|
|
|
|
/* overlapping fragments contain different data */
|
|
|
|
|
#define FD_OVERLAPCONFLICT 0x0004
|
|
|
|
|
|
|
|
|
|
/* more than one fragment which indicates end-of data */
|
|
|
|
|
#define FD_MULTIPLETAILS 0x0008
|
|
|
|
|
|
|
|
|
|
/* fragment contains data past the end of the datagram */
|
|
|
|
|
#define FD_TOOLONGFRAGMENT 0x0010
|
|
|
|
|
|
2002-02-03 23:28:38 +00:00
|
|
|
/* fragment data not alloced, fd->data pointing to fd_head->data+fd->offset */
|
|
|
|
|
#define FD_NOT_MALLOCED 0x0020
|
|
|
|
|
|
|
|
|
|
/* this flag is used to request fragment_add to continue the reassembly process */
|
|
|
|
|
#define FD_PARTIAL_REASSEMBLY 0x0040
|
|
|
|
|
|
2001-12-15 05:40:32 +00:00
|
|
|
/* fragment offset is indicated by sequence number and not byte offset
|
|
|
|
|
into the defragmented packet */
|
|
|
|
|
#define FD_BLOCKSEQUENCE 0x0100
|
|
|
|
|
|
2001-06-08 06:27:16 +00:00
|
|
|
typedef struct _fragment_data {
|
|
|
|
|
struct _fragment_data *next;
|
|
|
|
|
guint32 frame;
|
|
|
|
|
guint32 offset;
|
|
|
|
|
guint32 len;
|
|
|
|
|
guint32 datalen; /*Only valid in first item of list */
|
|
|
|
|
guint32 flags;
|
|
|
|
|
unsigned char *data;
|
|
|
|
|
} fragment_data;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Initialize a fragment table.
|
|
|
|
|
*/
|
|
|
|
|
void fragment_table_init(GHashTable **fragment_table);
|
|
|
|
|
|
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key. There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing
mis-reassembly.
Add a routine "fragment_add_seq_check()", which
if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;
if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;
if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.
Add reassembly support for fragmented 802.11 frames. Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).
svn path=/trunk/; revision=5177
2002-04-17 08:25:05 +00:00
|
|
|
/*
|
|
|
|
|
* Initialize a reassembled-packet table.
|
|
|
|
|
*/
|
|
|
|
|
void reassembled_table_init(GHashTable **reassembled_table);
|
|
|
|
|
|
2001-06-08 06:27:16 +00:00
|
|
|
/*
|
|
|
|
|
* Free up all space allocated for fragment keys and data.
|
|
|
|
|
*/
|
|
|
|
|
void reassemble_init(void);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This function adds a new fragment to the fragment hash table.
|
|
|
|
|
* If this is the first fragment seen for this datagram, a new entry
|
|
|
|
|
* is created in the hash table, otherwise this fragment is just added
|
|
|
|
|
* to the linked list of fragments for this packet.
|
|
|
|
|
* The list of fragments for a specific datagram is kept sorted for
|
|
|
|
|
* easier handling.
|
|
|
|
|
*
|
|
|
|
|
* Returns a pointer to the head of the fragment data list if we have all the
|
|
|
|
|
* fragments, NULL otherwise.
|
|
|
|
|
*/
|
|
|
|
|
fragment_data *fragment_add(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
|
|
|
guint32 id, GHashTable *fragment_table, guint32 frag_offset,
|
|
|
|
|
guint32 frag_data_len, gboolean more_frags);
|
2001-11-24 09:36:40 +00:00
|
|
|
|
2002-04-17 04:54:30 +00:00
|
|
|
/* same as fragment_add() but this one assumes frag_number is a block
|
|
|
|
|
sequence number. note that frag_number is 0 for the first fragment. */
|
2001-12-15 05:40:32 +00:00
|
|
|
fragment_data *fragment_add_seq(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
2002-04-17 04:54:30 +00:00
|
|
|
guint32 id, GHashTable *fragment_table, guint32 frag_number,
|
2001-12-15 05:40:32 +00:00
|
|
|
guint32 frag_data_len, gboolean more_frags);
|
|
|
|
|
|
Add a separate hash table to the reassembly code for reassembled
packets, using the reassembly ID and the frame number of the final frame
as the key. There is no guarantee that reassembly IDs won't be reused,
even when talking between the same source and destination address; if,
once reassembly is complete, the "fragment_data" structure is moved to
the latter hash table, this will keep reused reassembly IDs from causing
mis-reassembly.
Add a routine "fragment_add_seq_check()", which
if a fragment has the "more fragments" flag not set but is the
first fragment of a reassembly, treats that as a non-fragmented
frame, allocating a "fragment_data" structure for the reassembly
but not attaching any fragment to it, and adding it to a
reassembled packet list;
if a packet has been reassembled, removes it from the table of
reassemblies and moves it to the table of reassembled packets;
if the frame's been seen already, looks it up in the table of
reassembled packets rather than the table of reassemblies.
Add reassembly support for fragmented 802.11 frames. Use
"fragment_add_seq_check()" to cope with the fact that some
hardware+drivers apparently hands us reassembled frames with a non-zero
fragment number and the "more fragments" bit clear (as if it puts the
802.11 header of the *last* fragment onto the reassembled data).
svn path=/trunk/; revision=5177
2002-04-17 08:25:05 +00:00
|
|
|
/*
|
|
|
|
|
* This function adds a new fragment to the fragment hash table.
|
|
|
|
|
* If this is the first fragment seen for this datagram, a new
|
|
|
|
|
* "fragment_data" structure is allocated to refer to the reassembled,
|
|
|
|
|
* packet, and:
|
|
|
|
|
*
|
|
|
|
|
* if "more_frags" is false, the structure is not added to
|
|
|
|
|
* the hash table, and not given any fragments to refer to,
|
|
|
|
|
* but is just returned;
|
|
|
|
|
*
|
|
|
|
|
* if "more_frags" is true, this fragment is added to the linked
|
|
|
|
|
* list of fragments for this packet, and the "fragment_data"
|
|
|
|
|
* structure is put into the hash table.
|
|
|
|
|
*
|
|
|
|
|
* Otherwise, this fragment is just added to the linked list of fragments
|
|
|
|
|
* for this packet.
|
|
|
|
|
*
|
|
|
|
|
* Returns a pointer to the head of the fragment data list, and removes
|
|
|
|
|
* that from the fragment hash table if necessary and adds it to the
|
|
|
|
|
* table of reassembled fragments, if we have all the fragments or if
|
|
|
|
|
* this is the only fragment and "more_frags" is false, returns NULL
|
|
|
|
|
* otherwise.
|
|
|
|
|
*
|
|
|
|
|
* This function assumes frag_number being a block sequence number.
|
|
|
|
|
* The bsn for the first block is 0.
|
|
|
|
|
*/
|
|
|
|
|
fragment_data *
|
|
|
|
|
fragment_add_seq_check(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
|
|
|
guint32 id, GHashTable *fragment_table,
|
|
|
|
|
GHashTable *reassembled_table, guint32 frag_number,
|
|
|
|
|
guint32 frag_data_len, gboolean more_frags);
|
|
|
|
|
|
2001-11-24 09:36:40 +00:00
|
|
|
/* to specify how much to reassemble, for fragmentation where last fragment can not be
|
|
|
|
|
* identified by flags or such.
|
2001-12-15 05:40:32 +00:00
|
|
|
* note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment.
|
|
|
|
|
* i.e. since the block numbers start at 0, if we specify tot_len==2, that
|
|
|
|
|
* actually means we want to defragment 3 blocks, block 0, 1 and 2.
|
|
|
|
|
*
|
2001-11-24 09:36:40 +00:00
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
fragment_set_tot_len(packet_info *pinfo, guint32 id, GHashTable *fragment_table,
|
|
|
|
|
guint32 tot_len);
|
2002-05-24 11:51:14 +00:00
|
|
|
|
|
|
|
|
/* to resad whatever totlen previously set */
|
|
|
|
|
guint32
|
|
|
|
|
fragment_get_tot_len(packet_info *pinfo, guint32 id, GHashTable *fragment_table);
|
|
|
|
|
|
2002-02-03 23:28:38 +00:00
|
|
|
/*
|
|
|
|
|
* This function will set the partial reassembly flag(FD_PARTIAL_REASSEMBLY) for a fh.
|
|
|
|
|
* When this function is called, the fh MUST already exist, i.e.
|
|
|
|
|
* the fh MUST be created by the initial call to fragment_add() before
|
|
|
|
|
* this function is called. Also note that this function MUST be called to indicate
|
|
|
|
|
* a fh will be extended (increase the already stored data). After calling this function,
|
|
|
|
|
* and if FD_DEFRAGMENTED is set, the reassembly process will be continued.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
fragment_set_partial_reassembly(packet_info *pinfo, guint32 id, GHashTable *fragment_table);
|
2001-11-24 09:36:40 +00:00
|
|
|
|
|
|
|
|
/* This function is used to check if there is partial or completed reassembly state
|
|
|
|
|
* matching this packet. I.e. Are there reassembly going on or not for this packet?
|
|
|
|
|
*/
|
|
|
|
|
fragment_data *
|
|
|
|
|
fragment_get(packet_info *pinfo, guint32 id, GHashTable *fragment_table);
|
|
|
|
|
|
|
|
|
|
/* This will free up all resources and delete reassembly state for this PDU.
|
|
|
|
|
* Except if the PDU is completely reassembled, then it would NOT deallocate the
|
|
|
|
|
* buffer holding the reassembled data but instead return the pointer to that
|
|
|
|
|
* buffer.
|
|
|
|
|
*
|
|
|
|
|
* So, if you call fragment_delete and it returns non-NULL, YOU are responsible to
|
|
|
|
|
* g_free() that buffer.
|
|
|
|
|
*/
|
|
|
|
|
unsigned char *
|
|
|
|
|
fragment_delete(packet_info *pinfo, guint32 id, GHashTable *fragment_table);
|
2002-06-05 11:21:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
typedef struct _fragment_items {
|
|
|
|
|
gint *ett_fragment;
|
|
|
|
|
gint *ett_fragments;
|
|
|
|
|
|
|
|
|
|
int *hf_fragments;
|
|
|
|
|
int *hf_fragment;
|
|
|
|
|
int *hf_fragment_overlap;
|
|
|
|
|
int *hf_fragment_overlap_conflict;
|
|
|
|
|
int *hf_fragment_multiple_tails;
|
|
|
|
|
int *hf_fragment_too_long_fragment;
|
|
|
|
|
int *hf_fragment_error;
|
2002-06-07 10:11:41 +00:00
|
|
|
|
|
|
|
|
char *tag;
|
2002-06-05 11:21:49 +00:00
|
|
|
} fragment_items;
|
2002-06-07 10:11:41 +00:00
|
|
|
|
|
|
|
|
extern gboolean
|
|
|
|
|
show_fragment_tree(fragment_data *ipfd_head, fragment_items *fit,
|
|
|
|
|
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb);
|
|
|
|
|
|
|
|
|
|
extern gboolean
|
|
|
|
|
show_fragment_seq_tree(fragment_data *ipfd_head, fragment_items *fit,
|
|
|
|
|
proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb);
|