I'm writing a dissector plugin for a protocol that supports fragmentation.
I've made some good progress with dissecting the non-fragment packets, but
the fragmentation reassembly not so much.
The fragment packet headers include a PDU length, a tag, and the offset of
the current fragment in the full PDU. There is no explicit information as
to whether a given fragment is the "last", so I am trying to figure out how
to supply the final argument to fragment_add_check.
I could keep track of the fragment lengths and offsets seen so far, and
calculate for myself when all fragments have been received. But this seems
to duplicate some of what wireshark is already doing via the reassembly
hash tables. Is there a clever way for me to ask wireshark when the final
fragment has been received?
Also a broader question: is there a good resource for the wireshark
fragmentation API? I don't see anything in the files under doc/, and the
online Developer's Guide has a chapter but it only covers a couple of
functions. If you want to use any of the others, all you get is the
comments in reassemble.h.
Thank you very much!
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
