Hi all, I have few questions with regards to eliminating the duplicate fragments for a plugin written on top of UDP.
Q1: I would like to know how we can obtain UDP CRC from within the custom plugin written on top of UDP? I tried to get the checksum by providing a negative offset(-2) to tvb_get_ntohs(tvb, offset), but that doesn't work. Is there any other way to obtain the UDP CRC from within my plugin? Q2: Currently, the re-assembly of the fragments is happening using the: fragment_add_seq_check and then, process_reassembled_data, which cannot handle duplicate fragments. For eg: frag 0, frag 0, frag 1, frag 1, frag 2, frag 2. (assuming there are 3 fragments). Each fragment contains a seq. no. that I can utilize. I tried to use the following: fd_head = fragment_get(pinfo, uniqueid, msg_fragment_table); and tried to iterate the through the list to find if there is fragment with the current fragment number in the msg_fragment_table, and only then, call the fragment_add_seq_check(...). Is there a better way to do this? Is there a simpler way to make the re-assembly code aware that it is a duplicate fragment? Any suggestions would help me a lot, Regards, On 3/26/09, philippe alarcon <[email protected]> wrote: > > Hi, > > If your dissector is on top of UDP, you can check the UDP checksum. > > The CRC should be the same for identical fragments. > > Regards > Philippe > > Date: Wed, 25 Mar 2009 17:13:35 -0800 > From: [email protected] > To: [email protected] > Subject: [Wireshark-dev] How to handle duplicate fragments for a > plugin written on top of UDP? > > Hi, > > We have a legacy custom plugin (written on top of UDP), which handles > multicast packets which may be fragmented, which works fine for normal > scenarios. However, the plugin fails to decode for the cases where there can > be duplicate fragments (for eg. one coming from the actual host and another > one from a firewall). The fragments are exactly the same excepting that the > ethernet source address is different. > > > Can someone give me pointers as to how we could handle this special case > when re-assembling the fragments? Is there a way to ignore packets coming > from the firewall? Are there any sample plugins that have handled this case, > which I can refer to? > > > Any suggestions would help me a lot, > > Thanks, > siri > > > _________________________________________________________________ > Téléphonez gratuitement à tous vos proches avec Windows Live Messenger ! > Téléchargez-le maintenant ! > http://www.windowslive.fr/messenger/1.asp ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
