#include "ws_symbol_export.h"

Classes
struct	_fragment_item

struct	_fragment_head

struct	reassembly_table

struct	reassembly_table_functions

struct	_fragment_items

Macros
#define	FD_DEFRAGMENTED 0x0001

#define	FD_OVERLAP 0x0002

#define	FD_OVERLAPCONFLICT 0x0004

#define	FD_MULTIPLETAILS 0x0008

#define	FD_TOOLONGFRAGMENT 0x0010

#define	FD_SUBSET_TVB 0x0020

#define	FD_PARTIAL_REASSEMBLY 0x0040

#define	FD_BLOCKSEQUENCE 0x0100

#define	FD_DATALEN_SET 0x0400

#define	REASSEMBLE_FLAGS_NO_FRAG_NUMBER 0x0001

#define	REASSEMBLE_FLAGS_802_11_HACK 0x0002

#define	REASSEMBLE_FLAGS_AGING 0x0001

#define	REASSEMBLE_ITEMS_DEFINE(var_prefix, name_prefix)

#define	REASSEMBLE_INIT_HF_ITEMS(var_prefix, name_prefix, abbrev_prefix)

#define	REASSEMBLE_INIT_ETT_ITEMS(var_prefix)

Typedefs
typedef struct _fragment_item	fragment_item

typedef struct _fragment_head	fragment_head

typedef void (	fragment_temporary_key) (const packet_info pinfo, const uint32_t id, const void data)

typedef void (	fragment_persistent_key) (const packet_info pinfo, const uint32_t id, const void data)

typedef struct _fragment_items	fragment_items

typedef struct streaming_reassembly_info_t	streaming_reassembly_info_t

Functions
WS_DLL_PUBLIC void	reassembly_table_register (reassembly_table table, const reassembly_table_functions funcs)

WS_DLL_PUBLIC void	reassembly_table_init (reassembly_table table, const reassembly_table_functions funcs)

WS_DLL_PUBLIC void	reassembly_table_destroy (reassembly_table *table)

WS_DLL_PUBLIC fragment_head *	fragment_add (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_offset, const uint32_t frag_data_len, const bool more_frags)

WS_DLL_PUBLIC fragment_head *	fragment_add_multiple_ok (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_offset, const uint32_t frag_data_len, const bool more_frags)

WS_DLL_PUBLIC fragment_head *	fragment_add_out_of_order (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_offset, const uint32_t frag_data_len, const bool more_frags, const uint32_t frag_frame)

WS_DLL_PUBLIC fragment_head *	fragment_add_check (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_offset, const uint32_t frag_data_len, const bool more_frags)

WS_DLL_PUBLIC fragment_head *	fragment_add_check_with_fallback (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_offset, const uint32_t frag_data_len, const bool more_frags, const uint32_t fallback_frame)

WS_DLL_PUBLIC fragment_head *	fragment_add_seq (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_number, const uint32_t frag_data_len, const bool more_frags, const uint32_t flags)

WS_DLL_PUBLIC fragment_head *	fragment_add_seq_check (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_number, const uint32_t frag_data_len, const bool more_frags)

WS_DLL_PUBLIC fragment_head *	fragment_add_seq_802_11 (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_number, const uint32_t frag_data_len, const bool more_frags)

WS_DLL_PUBLIC fragment_head *	fragment_add_seq_next (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_data_len, const bool more_frags)

WS_DLL_PUBLIC fragment_head *	fragment_add_seq_single (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_data_len, const bool first, const bool last, const uint32_t max_frags)

WS_DLL_PUBLIC fragment_head *	fragment_add_seq_single_aging (reassembly_table table, tvbuff_t tvb, const int offset, const packet_info pinfo, const uint32_t id, const void data, const uint32_t frag_data_len, const bool first, const bool last, const uint32_t max_frags, const uint32_t max_age)

WS_DLL_PUBLIC void	fragment_start_seq_check (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data, const uint32_t tot_len)

WS_DLL_PUBLIC fragment_head *	fragment_end_seq_next (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data)

WS_DLL_PUBLIC void	fragment_add_seq_offset (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data, const uint32_t fragment_offset)

WS_DLL_PUBLIC void	fragment_set_tot_len (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data, const uint32_t tot_len)

void	fragment_reset_tot_len (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data, const uint32_t tot_len)

void	fragment_truncate (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data, const uint32_t tot_len)

WS_DLL_PUBLIC uint32_t	fragment_get_tot_len (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data)

WS_DLL_PUBLIC void	fragment_set_partial_reassembly (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data)

WS_DLL_PUBLIC fragment_head *	fragment_get (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data)

WS_DLL_PUBLIC fragment_head *	fragment_get_reassembled_id (reassembly_table table, const packet_info pinfo, const uint32_t id)

WS_DLL_PUBLIC tvbuff_t *	fragment_delete (reassembly_table table, const packet_info pinfo, const uint32_t id, const void *data)

WS_DLL_PUBLIC tvbuff_t *	process_reassembled_data (tvbuff_t tvb, const int offset, packet_info pinfo, const char name, fragment_head fd_head, const fragment_items fit, bool update_col_infop, proto_tree *tree)

WS_DLL_PUBLIC bool	show_fragment_tree (fragment_head ipfd_head, const fragment_items fit, proto_tree tree, packet_info pinfo, tvbuff_t tvb, proto_item *fi)

WS_DLL_PUBLIC bool	show_fragment_seq_tree (fragment_head ipfd_head, const fragment_items fit, proto_tree tree, packet_info pinfo, tvbuff_t tvb, proto_item *fi)

void	reassembly_tables_init (void)

void	reassembly_table_cleanup (void)

WS_DLL_PUBLIC streaming_reassembly_info_t *	streaming_reassembly_info_new (void)

WS_DLL_PUBLIC int	reassemble_streaming_data_and_call_subdissector (tvbuff_t tvb, packet_info pinfo, unsigned offset, int length, proto_tree segment_tree, proto_tree reassembled_tree, reassembly_table streaming_reassembly_table, streaming_reassembly_info_t reassembly_info, uint64_t cur_frame_num, dissector_handle_t subdissector_handle, proto_tree subdissector_tree, void subdissector_data, const char label, const fragment_items *frag_hf_items, int hf_segment_data)

WS_DLL_PUBLIC int	additional_bytes_expected_to_complete_reassembly (streaming_reassembly_info_t *reassembly_info)

Variables
WS_DLL_PUBLIC const reassembly_table_functions	addresses_reassembly_table_functions

WS_DLL_PUBLIC const reassembly_table_functions	addresses_ports_reassembly_table_functions

Detailed Description

Declarations of routines for {fragment,segment} reassembly

SPDX-License-Identifier: GPL-2.0-or-later

Macro Definition Documentation

◆ REASSEMBLE_INIT_ETT_ITEMS

#define REASSEMBLE_INIT_ETT_ITEMS ( var_prefix )

Value:

&ett_##var_prefix##_fragment, \

&ett_##var_prefix##_fragments

_fragment

Definition packet-btavrcp.c:275

Macro to help to initialize protocol subtree (ett) items for reassembly. The statement:

void proto_register_foo(void) {
    ...
    static int* ett[] = {
        &ett_foo_abc,
        ...
        // Add ett items
        REASSEMBLE_INIT_ETT_ITEMS(foo_body),
        ...
    };
    ...
}

will expand like:

void proto_register_foo(void) {
    ...
    static int* ett[] = {
        &ett_foo_abc,
        ...
        // Add ett items
        &ett_foo_body_fragment,
        &ett_foo_body_fragments,
        ...
    };
    ...
}

◆ REASSEMBLE_INIT_HF_ITEMS

#define REASSEMBLE_INIT_HF_ITEMS	(	var_prefix,
		name_prefix,
		abbrev_prefix
	)

Macro to help to initialize hf (head field) items for reassembly. The statement:

void proto_register_foo(void) {
    static hf_register_info hf[] = {
        ...
        { &hf_proto_foo_payload,
            { "Payload", "foo.payload",
                FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
        },

        // Add fragments items
        REASSEMBLE_INIT_HF_ITEMS(foo_body, "Foo Body", "foo.body"),
        ...
    };
    ...
}

will expand like:

void proto_register_foo(void) {
    static hf_register_info hf[] = {
        ...
        { &hf_proto_foo_payload,
            { "Payload", "foo.payload",
                FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
        },

        // Add fragments items
        { &hf_foo_body_fragments, \
            { "Reassembled Foo Body fragments", "foo.body.fragments", \
                FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } \
        },
        { &hf_foo_body_fragment, \
            { "Foo Body fragment", "foo.body.fragment", \
                FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
        },
        { &hf_foo_body_fragment_overlap, \
            { "Foo Body fragment overlap", "foo.body.fragment.overlap", \
                FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
        },
        ...
    };
    ...
}

◆ REASSEMBLE_ITEMS_DEFINE

#define REASSEMBLE_ITEMS_DEFINE	(	var_prefix,
		name_prefix
	)

Value:

    static int ett_##var_prefix##_fragment; \
    static int ett_##var_prefix##_fragments; \
    static int hf_##var_prefix##_fragments; \
    static int hf_##var_prefix##_fragment; \
    static int hf_##var_prefix##_fragment_overlap; \
    static int hf_##var_prefix##_fragment_overlap_conflicts; \
    static int hf_##var_prefix##_fragment_multiple_tails; \
    static int hf_##var_prefix##_fragment_too_long_fragment; \
    static int hf_##var_prefix##_fragment_error; \
    static int hf_##var_prefix##_fragment_count; \
    static int hf_##var_prefix##_reassembled_in; \
    static int hf_##var_prefix##_reassembled_length; \
    static int hf_##var_prefix##_reassembled_data; \
    static int hf_##var_prefix##_segment; \
    static const fragment_items var_prefix##_fragment_items = { \
        &ett_##var_prefix##_fragment, \
        &ett_##var_prefix##_fragments, \
        &hf_##var_prefix##_fragments, \
        &hf_##var_prefix##_fragment, \
        &hf_##var_prefix##_fragment_overlap, \
        &hf_##var_prefix##_fragment_overlap_conflicts, \
        &hf_##var_prefix##_fragment_multiple_tails, \
        &hf_##var_prefix##_fragment_too_long_fragment, \
        &hf_##var_prefix##_fragment_error, \
        &hf_##var_prefix##_fragment_count, \
        &hf_##var_prefix##_reassembled_in, \
        &hf_##var_prefix##_reassembled_length, \
        &hf_##var_prefix##_reassembled_data, \
        name_prefix " fragments" \
    }

Macro to help to define ett or hf items variables for reassembly (especially for streaming reassembly). The statement:

REASSEMBLE_ITEMS_DEFINE(foo_body, "Foo Body");  // in global scope

will create global variables:

static int ett_foo_body_fragment;
static int ett_foo_body_fragments;
static int hf_foo_body_fragment;
static int hf_foo_body_fragments;
static int hf_foo_body_fragment_overlap;
...
static int hf_foo_body_segment;

static const fragment_items foo_body_fragment_items = {
    &ett_foo_body_fragment,
    &ett_foo_body_fragments,
    &hf_foo_body_fragments,
    &hf_foo_body_fragment,
    &hf_foo_body_fragment_overlap,
    ...
    "Foo Body fragments"
};

Typedef Documentation

◆ streaming_reassembly_info_t

typedef struct streaming_reassembly_info_t streaming_reassembly_info_t

a private structure for keeping streaming reassembly information

Function Documentation

◆ additional_bytes_expected_to_complete_reassembly()

WS_DLL_PUBLIC int additional_bytes_expected_to_complete_reassembly ( streaming_reassembly_info_t * reassembly_info )

How many additional bytes are still expected to complete this reassembly?

Returns: How many additional bytes are expected to complete this reassembly. It may also be DESEGMENT_ONE_MORE_SEGMENT. 0 means this reassembly is completed.

◆ reassemble_streaming_data_and_call_subdissector()

WS_DLL_PUBLIC int reassemble_streaming_data_and_call_subdissector	(	tvbuff_t *	tvb,
		packet_info *	pinfo,
		unsigned	offset,
		int	length,
		proto_tree *	segment_tree,
		proto_tree *	reassembled_tree,
		reassembly_table	streaming_reassembly_table,
		streaming_reassembly_info_t *	reassembly_info,
		uint64_t	cur_frame_num,
		dissector_handle_t	subdissector_handle,
		proto_tree *	subdissector_tree,
		void *	subdissector_data,
		const char *	label,
		const fragment_items *	frag_hf_items,
		int	hf_segment_data
	)

This function provides a simple way to reassemble the streaming data of a higher level protocol that is not on top of TCP but on another protocol which might be on top of TCP.

For example, suppose there are two streaming protocols ProtoA and ProtoB. ProtoA is a protocol on top of TCP. ProtoB is a protocol on top of ProtoA.

ProtoA dissector should use tcp_dissect_pdus() or pinfo->can_desegment/desegment_offset/desegment_len to reassemble its own messages on top of TCP. After the PDUs of ProtoA are reassembled, ProtoA dissector can call reassemble_streaming_data_and_call_subdissector() to help ProtoB dissector to reassemble the PDUs of ProtoB. ProtoB needs to use fields pinfo->can_desegment/desegment_offset/desegment_len to tell its requirements about reassembly (to reassemble_streaming_data_and_call_subdissector()).

-----            +-- Reassembled ProtoB PDU --+-- Reassembled ProtoB PDU --+-- Reassembled ProtoB PDU --+----------------
ProtoB:          | ProtoB header and payload  | ProtoB header and payload  | ProtoB header and payload  |            ...
                 +----------------------------+---------+------------------+--------+-------------------+--+-------------
-----            ^ >>> Reassemble with reassemble_streaming_data_and_call_subdissector() and pinfo->desegment_len.. <<< ^
                 +----------------------------+---------+------------------+--------+-------------------+--+-------------
                 |           ProtoA payload1            |      ProtoA payload2      |    ProtoA payload3   |         ...
                 +--------------------------------------+---------------------------+----------------------+-------------
                 ^                                      ^                           ^                      ^
                 |         >>> Do de-chunk <<<          |\   >>> Do de-chunk <<<     \  \ >>> Do de-chunk <<< \
                 |                                      |  \                           \    \                    \
                 |                                      |    \                           \      \                ...
                 |                                      |      \                           \        \                 \
        +-------- First Reassembled ProtoA PDU ---------+-- Second Reassembled ProtoA PDU ---+- Third Reassembled Prot...
ProtoA: | Header |           ProtoA payload1            | Header |       ProtoA payload2     | Header | ProtoA payload3 .
        +--------+----------------------+---------------+--------+---------------------------+--------+-+----------------
-----   ^     >>> Reassemble with tcp_dissect_pdus() or pinfo->can_desegment/desegment_offset/desegment_len <<<         ^
        +--------+----------------------+---------------+--------+---------------------------+--------+-+----------------
TCP:    |          TCP segment          |          TCP segment          |          TCP segment          |            ...
-----   +-------------------------------+-------------------------------+-------------------------------+----------------

The function reassemble_streaming_data_and_call_subdissector() uses fragment_add() and process_reassembled_data() to complete its reassembly task.

The reassemble_streaming_data_and_call_subdissector() will handle many cases. The most complicated one is:

+-------------------------------------- Payload of a ProtoA PDU -----------------------------------------------+
| EoMSP: end of a multisegment PDU | OmNFP: one or more non-fragment PDUs | BoMSP: begin of a multisegment PDU |
+----------------------------------+--------------------------------------+------------------------------------+

Note, we use short name 'MSP' for 'Multisegment PDU', and 'NFP' for 'Non-fragment PDU'.

In this case, the payload of a ProtoA PDU contains:

EoMSP (Part1): At the begin of the ProtoA payload, there is the last part of a multisegment PDU of ProtoB.
OmNFP (Part2): The middle part of ProtoA payload payload contains one or more non-fragment PDUs of ProtoB.
BoMSP (Part3): At the tail of the ProtoA payload, there is the begin of a new multisegment PDU of ProtoB.

All of three parts are optional. For example, one ProtoA payload could contain only EoMSP, OmNFP or BoMSP; or contain EoMSP and OmNFP without BoMSP; or contain EoMSP and BoMSP without OmNFP; or contain OmNFP and BoMSP without EoMSP.

          +---- A ProtoB MSP ---+       +-- A ProtoB MSP --+-- A ProtoB MSP --+          +-- A ProtoB MSP --+
          |                     |       |                  |                  |          |                  |
+- A ProtoA payload -+  +-------+-------+-------+  +-------+-------+  +-------+-------+  +-------+  +-------+  +-------+
|  OmNFP  |  BoMSP   |  | EoMSP | OmNFP | BoMSP |  | EoMSP | BoMSP |  | EoMSP | OmNFP |  | BoMSP |  | EoMSP |  | OmNFP |
+---------+----------+  +-------+-------+-------+  +-------+-------+  +-------+-------+  +-------+  +-------+  +-------+
          |                     |       |                  |                  |          |                  |
          +---------------------+       +------------------+------------------+          +------------------+

And another case is the entire ProtoA payload is one of middle parts of a multisegment PDU. We call it:

MoMSP: The middle part of a multisegment PDU of ProtoB.

Following case shows a multisegment PDU composed of [BoMSP + MoMSP + MoMSP + MoMSP + EoMSP]:

                +------------------ A Multisegment PDU of ProtoB ----------------------+
                |                                                                      |
+--- ProtoA payload1 ---+   +- payload2 -+  +- Payload3 -+  +- Payload4 -+   +- ProtoA payload5 -+
| EoMSP | OmNFP | BoMSP |   |    MoMSP   |  |    MoMSP   |  |    MoMSP   |   |  EoMSP  |  BoMSP  |
+-------+-------+-------+   +------------+  +------------+  +------------+   +---------+---------+
                |                                                                      |
                +----------------------------------------------------------------------+

The function reassemble_streaming_data_and_call_subdissector() will handle all of the above cases and manage the information used during the reassembly. The caller (ProtoA dissector) only needs to initialize the relevant variables and pass these variables and its own completed payload to this function.

The subdissector (ProtoB dissector) needs to set the pinfo->desegment_len to cooperate with the function reassemble_streaming_data_and_call_subdissector() to complete the reassembly task. The pinfo->desegment_len should be DESEGMENT_ONE_MORE_SEGMENT or contain the estimated number of additional bytes required for completing the current PDU (MSP), and set pinfo->desegment_offset to the offset in the tvbuff at which the dissector will continue processing when next called. Next time the subdissector is called, it will be passed a tvbuff composed of the end of the data from the previous tvbuff together with desegment_len more bytes. If the dissector cannot tell how many more bytes it will need, it should set pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT or additional bytes required for parsing message head. It will then be called again as soon as more data becomes available. Subdissector MUST NOT set the pinfo->desegment_len to DESEGMENT_UNTIL_FIN, we don't support it yet.

Note that if the subdissector sets pinfo->desegment_len to additional bytes required for parsing the header of the message rather than the entire message when the length of entire message is unable to be determined, it MUST return the length of the tvb handled by itself (for example, return 0 length if nothing is parsed in MoMSP), otherwise it may cause some unexpected dissecting errors. However, if you want to be compatible with TCP's reassembly method by setting the pinfo->desegment_len, you MUST set the pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT when the entire message length cannot be determined, and return a length other than 0 (such as tvb_captured_length(tvb)) when exiting the subdissector dissect function (such as dissect_proto_b()).

Following is sample code of ProtoB which on top of ProtoA mentioned above:

// file packet-proto-b.c
...
 
static int
dissect_proto_b(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data)
{
    while (offset < tvb_len)
    {
        if (tvb_len - offset < PROTO_B_MESSAGE_HEAD_LEN) {
            // need at least X bytes for getting a ProtoB message
            if (pinfo->can_desegment) {
                pinfo->desegment_offset = offset;
                // It is strongly recommended to set pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT
                // if the length of entire message is unknown.
                pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
                return tvb_len; // MUST return a length other than 0
 
                // Or set pinfo->desegment_len to how many additional bytes needed to parse head of
                // a ProtoB message.
                // pinfo->desegment_len = PROTO_B_MESSAGE_HEAD_LEN - (tvb_len - offset);
                // return offset; // But you MUST return the length handled by ProtoB
            }
            ...
           }
        ...
        // e.g. length is at offset 4
        body_len = (unsigned)tvb_get_ntohl(tvb, offset + 4);
 
        if (tvb_len - offset - PROTO_B_MESSAGE_HEAD_LEN < body_len) {
            // need X bytes for dissecting a ProtoB message
            if (pinfo->can_desegment) {
                pinfo->desegment_offset = offset;
                // calculate how many additional bytes need to parsing body of a ProtoB message
                pinfo->desegment_len = body_len - (tvb_len - offset - PROTO_B_MESSAGE_HEAD_LEN);
                // MUST return a length other than 0, if DESEGMENT_ONE_MORE_SEGMENT is used previously.
                return tvb_len;
 
                // MUST return the length handled by ProtoB,
                // if 'pinfo->desegment_len = PROTO_B_MESSAGE_HEAD_LEN - (tvb_len - offset);' is used previously.
                // return offset;
            }
            ...
        }
        ...
    }
    return tvb_len; // all bytes of this tvb are parsed
}

Following is sample code of ProtoA mentioned above:

// file packet-proto-a.c
...
// reassembly table for streaming chunk mode
static reassembly_table proto_a_streaming_reassembly_table;
...
// heads for displaying reassembly information
static int hf_msg_fragments;
static int hf_msg_fragment;
static int hf_msg_fragment_overlap;
static int hf_msg_fragment_overlap_conflicts;
static int hf_msg_fragment_multiple_tails;
static int hf_msg_fragment_too_long_fragment;
static int hf_msg_fragment_error;
static int hf_msg_fragment_count;
static int hf_msg_reassembled_in;
static int hf_msg_reassembled_length;
static int hf_msg_body_segment;
...
static int ett_msg_fragment;
static int ett_msg_fragments;
...
static const fragment_items msg_frag_items = {
    &ett_msg_fragment,
    &ett_msg_fragments,
    &hf_msg_fragments,
    &hf_msg_fragment,
    &hf_msg_fragment_overlap,
    &hf_msg_fragment_overlap_conflicts,
    &hf_msg_fragment_multiple_tails,
    &hf_msg_fragment_too_long_fragment,
    &hf_msg_fragment_error,
    &hf_msg_fragment_count,
    &hf_msg_reassembled_in,
    &hf_msg_reassembled_length,
    "ProtoA Message fragments"
};
...
static int
dissect_proto_a(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data)
{
    ...
    streaming_reassembly_info_t* streaming_reassembly_info = NULL;
    ...
    proto_a_tree = proto_item_add_subtree(ti, ett_proto_a);
    ...
    if (!PINFO_FD_VISITED(pinfo)) {
        streaming_reassembly_info = streaming_reassembly_info_new();
        // save streaming reassembly info in the stream conversation or something like that
        save_reassembly_info(pinfo, stream_id, flow_dir, streaming_reassembly_info);
    } else {
        streaming_reassembly_info = get_reassembly_info(pinfo, stream_id, flow_dir);
    }
    ...
    while (offset < tvb_len)
    {
        ...
        payload_len = xxx;
        ...
        if (dissecting_in_streaming_mode) {
            // reassemble and call subdissector
            reassemble_streaming_data_and_call_subdissector(tvb, pinfo, offset,
                payload_len, proto_a_tree, proto_tree_get_parent_tree(proto_a_tree),
                proto_a_streaming_reassembly_table, streaming_reassembly_info,
                get_virtual_frame_num64(tvb, pinfo, offset), subdissector_handle,
                proto_tree_get_parent_tree(tree), NULL,
                "ProtoA", &msg_frag_items, hf_msg_body_segment);
        ...
    }
}
 
...
void proto_register_proto_a(void) {
    ...
    static hf_register_info hf[] = {
        ...
        {&hf_msg_fragments,
            {"Reassembled ProtoA Message fragments", "protoa.msg.fragments",
            FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_fragment,
            {"Message fragment", "protoa.msg.fragment",
            FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_fragment_overlap,
            {"Message fragment overlap", "protoa.msg.fragment.overlap",
            FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_fragment_overlap_conflicts,
            {"Message fragment overlapping with conflicting data",
            "protoa.msg.fragment.overlap.conflicts",
            FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_fragment_multiple_tails,
            {"Message has multiple tail fragments",
            "protoa.msg.fragment.multiple_tails",
            FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_fragment_too_long_fragment,
            {"Message fragment too long", "protoa.msg.fragment.too_long_fragment",
            FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_fragment_error,
            {"Message defragmentation error", "protoa.msg.fragment.error",
            FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_fragment_count,
            {"Message fragment count", "protoa.msg.fragment.count",
            FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_reassembled_in,
            {"Reassembled in", "protoa.msg.reassembled.in",
            FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_reassembled_length,
            {"Reassembled length", "protoa.msg.reassembled.length",
            FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
        {&hf_msg_body_segment,
            {"ProtoA body segment", "protoa.msg.body.segment",
            FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
    }
    ...
    static int *ett[] = {
        ...
        &ett_msg_fragment,
        &ett_msg_fragments
    }
    ...
    reassembly_table_register(&proto_a_streaming_reassembly_table,
                               &addresses_ports_reassembly_table_functions);
    ...
}

Alternatively, the code of ProtoA (packet-proto-a.c) can be made simpler with helper macros:

// file packet-proto-a.c
...
// reassembly table for streaming chunk mode
static reassembly_table proto_a_streaming_reassembly_table;
// reassembly head field items definition
REASSEMBLE_ITEMS_DEFINE(proto_a_body, "ProtoA Body");
...
static int
dissect_proto_a(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data)
{
    ...
    streaming_reassembly_info_t* streaming_reassembly_info = NULL;
    ...
    proto_a_tree = proto_item_add_subtree(ti, ett_proto_a);
    ...
    if (!PINFO_FD_VISITED(pinfo)) {
        streaming_reassembly_info = streaming_reassembly_info_new();
        // save streaming reassembly info in the stream conversation or something like that
        save_reassembly_info(pinfo, stream_id, flow_dir, streaming_reassembly_info);
    } else {
        streaming_reassembly_info = get_reassembly_info(pinfo, stream_id, flow_dir);
    }
    ...
    while (offset < tvb_len)
    {
        ...
        payload_len = xxx;
        ...
        if (dissecting_in_streaming_mode) {
            // reassemble and call subdissector
            reassemble_streaming_data_and_call_subdissector(tvb, pinfo, offset,
                payload_len, proto_a_tree, proto_tree_get_parent_tree(proto_a_tree),
                proto_a_streaming_reassembly_table, streaming_reassembly_info,
                get_virtual_frame_num64(tvb, pinfo, offset), subdissector_handle,
                proto_tree_get_parent_tree(tree), NULL, "ProtoA Body",
                &proto_a_body_fragment_items, hf_proto_a_body_segment);
        ...
    }
}
 
...
void proto_register_proto_a(void) {
    ...
    static hf_register_info hf[] = {
        ...
        REASSEMBLE_INIT_HF_ITEMS(proto_a_body, "ProtoA Body", "protoa.body")
    }
    ...
    static int *ett[] = {
        ...
        REASSEMBLE_INIT_ETT_ITEMS(proto_a_body)
    }
    ...
    reassembly_table_register(&proto_a_streaming_reassembly_table,
                               &addresses_ports_reassembly_table_functions);
    ...
}

Parameters

tvb	TVB contains (ProtoA) payload which will be passed to subdissector.
pinfo	Packet information.
offset	The beginning offset of payload in TVB.
length	The length of payload in TVB.
segment_tree	The tree for adding segment items.
reassembled_tree	The tree for adding reassembled information items.
streaming_reassembly_table	The reassembly table used for this kind of streaming reassembly.
reassembly_info	The structure for keeping streaming reassembly information. This should be initialized by streaming_reassembly_info_new(). Subdissector should keep it for each flow of per stream, like per direction flow of a STREAM of HTTP/2 or each request or response message flow of HTTP/1.1 chunked stream.
cur_frame_num	The uniq index of current payload and number must always be increasing from the previous frame number, so we can use "<" and ">" comparisons to determine before and after in time. You can use get_virtual_frame_num64() if the ProtoA does not has a suitable field representing payload frame num.
subdissector_handle	The subdissector the reassembly for. We will call subdissector for reassembly and dissecting. The subdissector should set pinfo->desegment_len to the length it needed if the payload is not enough for it to dissect.
subdissector_tree	The tree to be passed to subdissector.
subdissector_data	The data argument to be passed to subdissector.
label	The name of the data being reassembling. It can just be the name of protocol (ProtoA), for example, "[ProtoA segment of a reassembled PDU]".
frag_hf_items	The fragment field items for displaying fragment and reassembly information in tree. Please refer to process_reassembled_data().
hf_segment_data	The field item to show something like "ProtoA segment data (123 bytes)".

Returns: Handled data length. Just equal to the length argument now.

◆ streaming_reassembly_info_new()

WS_DLL_PUBLIC streaming_reassembly_info_t * streaming_reassembly_info_new ( void )

Allocate a streaming reassembly information in wmem_file_scope.

Classes

Macros

Typedefs

Functions

Variables