Wireshark mailing list archives

Re: Get fragments from reassembly table

From: Anton Glukhov <anton.a.glukhov () gmail com>
Date: Thu, 22 Mar 2018 18:10:41 +0100

Great idea! I think I can store it in conversation structure, because I
already use it to track some parameters of fragments.

2018-03-22 18:00 GMT+01:00 Peter Wu <peter () lekensteyn nl>:

On Thu, Mar 22, 2018 at 04:07:05PM +0100, Anton Glukhov wrote:

I have dissector which works with fragments and reassembling by using
fragment_add_check() and process_reassembled_data() functions. Now I got
one problem. Each new fragment must be validated thought CRC32

calculation,

but not for itself but for all previous fragments together. Here is an
example: imagine that we received 3 fragments and now they are already in
fragment_table. Next 4th fragment is coming and we need to verify it. In
order to verify it we have to take all previous fragments(all 3 previous)
out, concatenate them, calculate crc32 for all _four_ fragments together
and put 4th fragment into fragment_table by using function
fragment_add_check(). So, it looks like we do "temporary" reassemble for
each new packet with all previous packet. Could you help me with ideas

how

to design it better?


Can you somehow identify the individual fragments outside the reassembly
table? If so, what about storing the CRC32 value of the last fragment
(for example, in a hash table or linked list), then look that up and use
it as seed for the CRC32 calculation with your new fragment?
--
Kind regards,
Peter Wu
https://lekensteyn.nl
____________________________________________________________
_______________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=
unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Get fragments from reassembly table Anton Glukhov (Mar 22)
- Re: Get fragments from reassembly table Peter Wu (Mar 22)
  - Re: Get fragments from reassembly table Anton Glukhov (Mar 22)