Wireshark  4.3.0
The Wireshark network protocol analyzer
reassemble.h
Go to the documentation of this file.
1 
11 /* make sure that all flags that are set in a fragment entry is also set for
12  * the flags field of fd_head !!!
13  */
14 
15 #ifndef REASSEMBLE_H
16 #define REASSEMBLE_H
17 
18 #include "ws_symbol_export.h"
19 
20 /* only in fd_head: packet is defragmented */
21 #define FD_DEFRAGMENTED 0x0001
22 
23 /* there are overlapping fragments */
24 #define FD_OVERLAP 0x0002
25 
26 /* overlapping fragments contain different data */
27 #define FD_OVERLAPCONFLICT 0x0004
28 
29 /* more than one fragment which indicates end-of data */
30 #define FD_MULTIPLETAILS 0x0008
31 
32 /* fragment starts before the end of the datagram but extends
33  past the end of the datagram */
34 #define FD_TOOLONGFRAGMENT 0x0010
35 
36 /* fragment tvb is subset, don't tvb_free() it */
37 #define FD_SUBSET_TVB 0x0020
38 
39 /* this flag is used to request fragment_add to continue the reassembly process */
40 #define FD_PARTIAL_REASSEMBLY 0x0040
41 
42 /* fragment offset is indicated by sequence number and not byte offset
43  into the defragmented packet */
44 #define FD_BLOCKSEQUENCE 0x0100
45 
46 /* This flag is set in (only) fd_head to denote that datalen has been set to a valid value.
47  * It's implied by FD_DEFRAGMENTED (we must know the total length of the
48  * datagram if we have defragmented it...)
49  */
50 #define FD_DATALEN_SET 0x0400
51 
52 typedef struct _fragment_item {
53  struct _fragment_item *next;
54  guint32 frame;
55  guint32 offset;
57  guint32 len;
58  guint32 flags;
61  tvbuff_t *tvb_data;
63 
64 typedef struct _fragment_head {
65  struct _fragment_item *next;
68  guint ref_count;
69  guint32 contiguous_len;
70  guint32 frame;
71  guint32 len;
77  guint32 datalen;
83  guint32 reassembled_in;
89  guint32 flags;
92  tvbuff_t *tvb_data;
97  const char *error;
99 
100 /*
101  * Flags for fragment_add_seq_*
102  */
103 
104 /* we don't have any sequence numbers - fragments are assumed to appear in
105  * order */
106 #define REASSEMBLE_FLAGS_NO_FRAG_NUMBER 0x0001
107 
108 /* a special fudge for the 802.11 dissector */
109 #define REASSEMBLE_FLAGS_802_11_HACK 0x0002
110 
111 /*
112  * Flags for fragment_add_seq_single_*
113  */
114 
115 /* we want to age off old packets */
116 #define REASSEMBLE_FLAGS_AGING 0x0001
117 
118 /*
119  * Generates a fragment identifier based on the given parameters. "data" is an
120  * opaque type whose interpretation is up to the caller of fragment_add*
121  * functions and the fragment key function (possibly NULL if you do not care).
122  *
123  * Keys returned by this function are only used within this packet scope.
124  */
125 typedef gpointer (*fragment_temporary_key)(const packet_info *pinfo,
126  const guint32 id, const void *data);
127 
128 /*
129  * Like fragment_temporary_key, but used for identifying reassembled fragments
130  * which may persist through multiple packets.
131  */
132 typedef gpointer (*fragment_persistent_key)(const packet_info *pinfo,
133  const guint32 id, const void *data);
134 
135 /*
136  * Data structure to keep track of fragments and reassemblies.
137  */
138 typedef struct {
139  GHashTable *fragment_table;
140  GHashTable *reassembled_table;
141  fragment_temporary_key temporary_key_func;
142  fragment_persistent_key persistent_key_func;
143  GDestroyNotify free_temporary_key_func; /* temporary key destruction function */
145 
146 /*
147  * Table of functions for a reassembly table.
148  */
149 typedef struct {
150  /* Functions for fragment table */
151  GHashFunc hash_func; /* hash function */
152  GEqualFunc equal_func; /* comparison function */
153  fragment_temporary_key temporary_key_func; /* temporary key creation function */
154  fragment_persistent_key persistent_key_func; /* persistent key creation function */
155  GDestroyNotify free_temporary_key_func; /* temporary key destruction function */
156  GDestroyNotify free_persistent_key_func; /* persistent key destruction function */
158 
159 /*
160  * Tables of functions exported for the benefit of dissectors that
161  * don't need special items in their keys.
162  */
163 WS_DLL_PUBLIC const reassembly_table_functions
164  addresses_reassembly_table_functions; /* keys have endpoint addresses and an ID */
165 WS_DLL_PUBLIC const reassembly_table_functions
166  addresses_ports_reassembly_table_functions; /* keys have endpoint addresses and ports and an ID */
167 
168 /*
169  * Register a reassembly table. By registering the table with epan, the creation and
170  * destruction of the table can be managed by epan and not the dissector.
171  */
172 WS_DLL_PUBLIC void
173 reassembly_table_register(reassembly_table *table,
174  const reassembly_table_functions *funcs);
175 
176 /*
177  * Initialize/destroy a reassembly table.
178  *
179  * init: If table doesn't exist: create table;
180  * else: just remove any entries;
181  * destroy: remove entries and destroy table;
182  */
183 WS_DLL_PUBLIC void
184 reassembly_table_init(reassembly_table *table,
185  const reassembly_table_functions *funcs);
186 WS_DLL_PUBLIC void
187 reassembly_table_destroy(reassembly_table *table);
188 
189 /*
190  * This function adds a new fragment to the reassembly table
191  * If this is the first fragment seen for this datagram, a new entry
192  * is created in the table, otherwise this fragment is just added
193  * to the linked list of fragments for this packet.
194  * The list of fragments for a specific datagram is kept sorted for
195  * easier handling.
196  *
197  * Datagrams (messages) are identified by a key generated by
198  * fragment_temporary_key or fragment_persistent_key, based on the "pinfo", "id"
199  * and "data" pairs. (This is the sole purpose of "data".)
200  *
201  * Fragments are identified by "frag_offset".
202  *
203  * Returns a pointer to the head of the fragment data list if we have all the
204  * fragments, NULL otherwise. Note that the reassembled fragments list may have
205  * a non-zero fragment offset, the only guarantee is that no gaps exist within
206  * the list.
207  *
208  * @note Reused keys are assumed to refer to the same reassembled message
209  * (i.e., retransmission). If the same "id" is used more than once on a
210  * connection, then "data" and custom reassembly_table_functions should be
211  * used so that the keys hash differently.
212  */
213 WS_DLL_PUBLIC fragment_head *
214 fragment_add(reassembly_table *table, tvbuff_t *tvb, const int offset,
215  const packet_info *pinfo, const guint32 id, const void *data,
216  const guint32 frag_offset, const guint32 frag_data_len,
217  const gboolean more_frags);
218 /*
219  * Like fragment_add, except that the fragment may be added to multiple
220  * reassembly tables. This is needed when multiple protocol layers try
221  * to add the same packet to the reassembly table.
222  */
223 WS_DLL_PUBLIC fragment_head *
224 fragment_add_multiple_ok(reassembly_table *table, tvbuff_t *tvb,
225  const int offset, const packet_info *pinfo,
226  const guint32 id, const void *data,
227  const guint32 frag_offset,
228  const guint32 frag_data_len,
229  const gboolean more_frags);
230 
231 /*
232  * Like fragment_add, except that the fragment may originate from a frame
233  * other than pinfo->num. For use when you are adding an out of order segment
234  * that arrived in an earlier frame, so that show_fragment_tree will display
235  * the correct fragment numbers.
236  *
237  * This is for protocols like TCP, where the correct reassembly to add a
238  * segment to cannot be determined without processing previous segments
239  * in sequence order, including handing them to subdissectors.
240  *
241  * Note that pinfo is still used to set reassembled_in if we have all the
242  * fragments, so that results on subsequent passes can be the same as the
243  * first pass.
244  */
245 WS_DLL_PUBLIC fragment_head *
246 fragment_add_out_of_order(reassembly_table *table, tvbuff_t *tvb,
247  const int offset, const packet_info *pinfo,
248  const guint32 id, const void *data,
249  const guint32 frag_offset,
250  const guint32 frag_data_len,
251  const gboolean more_frags, const guint32 frag_frame);
252 /*
253  * Like fragment_add, but maintains a table for completed reassemblies.
254  *
255  * If the packet was seen before, return the head of the fully reassembled
256  * fragments list (NULL if there was none).
257  *
258  * Otherwise (if reassembly was not possible before), try to add the new
259  * fragment to the fragments table. If reassembly is now possible, remove all
260  * (reassembled) fragments from the fragments table and store it as a completed
261  * reassembly. The head of this reassembled fragments list is returned.
262  *
263  * Otherwise (if reassembly is still not possible after adding this fragment),
264  * return NULL.
265  *
266  * @note Completed reassemblies are removed from the in-progress table, so
267  * key can be reused to begin a new reassembled message. Conversely,
268  * dissectors SHOULD NOT call this with a retransmitted fragment of a
269  * completed reassembly. Dissectors atop a reliable protocol like TCP
270  * may assume that the lower layer dissector handles retransmission,
271  * but other dissectors (e.g., atop UDP or Ethernet) will have to handle
272  * that situation themselves.
273  */
274 WS_DLL_PUBLIC fragment_head *
275 fragment_add_check(reassembly_table *table, tvbuff_t *tvb, const int offset,
276  const packet_info *pinfo, const guint32 id,
277  const void *data, const guint32 frag_offset,
278  const guint32 frag_data_len, const gboolean more_frags);
279 
280 /*
281  * Like fragment_add_check, but handles retransmissions after reassembly.
282  *
283  * Start new reassembly only if there is no reassembly in progress and there
284  * is no completed reassembly reachable from fallback_frame. If there is
285  * completed reassembly (reachable from fallback_frame), simply links this
286  * packet into the list, updating the flags if necessary (however actual data
287  * and reassembled in frame won't be modified).
288  */
289 WS_DLL_PUBLIC fragment_head *
290 fragment_add_check_with_fallback(reassembly_table *table, tvbuff_t *tvb, const int offset,
291  const packet_info *pinfo, const guint32 id,
292  const void *data, const guint32 frag_offset,
293  const guint32 frag_data_len, const gboolean more_frags,
294  const guint32 fallback_frame);
295 
296 /*
297  * Like fragment_add, but fragments have a block sequence number starting from
298  * zero (for the first fragment of each datagram). This differs from
299  * fragment_add for which the fragment may start at any offset.
300  *
301  * If this is the first fragment seen for this datagram, a new
302  * "fragment_head" structure is allocated to refer to the reassembled
303  * packet, and:
304  *
305  * if "more_frags" is false, and either we have no sequence numbers, or
306  * are using the 802.11 hack (via fragment_add_seq_802_11), it is assumed that
307  * this is the only fragment in the datagram. The structure is not added to the
308  * hash table, and not given any fragments to refer to, but is just returned.
309  *
310  * In this latter case reassembly wasn't done (since there was only one
311  * fragment in the packet); dissectors can check the 'next' pointer on the
312  * returned list to see if this case was hit or not.
313  *
314  * Otherwise, this fragment is just added to the linked list of fragments
315  * for this packet; the fragment_item is also added to the fragment hash if
316  * necessary.
317  *
318  * If this packet completes assembly, these functions return the head of the
319  * fragment data; otherwise, they return null.
320  *
321  * @note Reused keys are assumed to refer to the same reassembled message
322  * (i.e., retransmission). If the same "id" is used more than once on a
323  * connection, then "data" and custom reassembly_table_functions should be
324  * used so that the keys hash differently.
325  */
326 WS_DLL_PUBLIC fragment_head *
327 fragment_add_seq(reassembly_table *table, tvbuff_t *tvb, const int offset,
328  const packet_info *pinfo, const guint32 id, const void *data,
329  const guint32 frag_number, const guint32 frag_data_len,
330  const gboolean more_frags, const guint32 flags);
331 
332 /*
333  * Like fragment_add_seq, but maintains a table for completed reassemblies
334  * just like fragment_add_check.
335  *
336  * @note Completed reassemblies are removed from the in-progress table, so
337  * key can be reused to begin a new reassembled message. Conversely,
338  * dissectors SHOULD NOT call this with a retransmitted fragment of a
339  * completed reassembly. Dissectors atop a reliable protocol like TCP
340  * may assume that the lower layer dissector handles retransmission,
341  * but other dissectors (e.g., atop UDP or Ethernet) will have to handle
342  * that situation themselves.
343  */
344 WS_DLL_PUBLIC fragment_head *
345 fragment_add_seq_check(reassembly_table *table, tvbuff_t *tvb, const int offset,
346  const packet_info *pinfo, const guint32 id,
347  const void *data,
348  const guint32 frag_number, const guint32 frag_data_len,
349  const gboolean more_frags);
350 
351 /*
352  * Like fragment_add_seq_check, but immediately returns a fragment list for a
353  * new fragment. This is a workaround specific for the 802.11 dissector, do not
354  * use it elsewhere.
355  */
356 WS_DLL_PUBLIC fragment_head *
357 fragment_add_seq_802_11(reassembly_table *table, tvbuff_t *tvb,
358  const int offset, const packet_info *pinfo,
359  const guint32 id, const void *data,
360  const guint32 frag_number, const guint32 frag_data_len,
361  const gboolean more_frags);
362 
363 /*
364  * Like fragment_add_seq_check, but without explicit fragment number. Fragments
365  * are simply appended until no "more_frags" is false.
366  *
367  * @note Out of order fragments will not be reassembled correctly.
368  * Dissectors atop a reliable protocol like TCP may rely on the lower
369  * level dissector reordering out or order segments (if the appropriate
370  * out of order reassembly preference is enabled), but other dissectors
371  * will have to handle out of order fragments themselves, if possible.
372  */
373 WS_DLL_PUBLIC fragment_head *
374 fragment_add_seq_next(reassembly_table *table, tvbuff_t *tvb, const int offset,
375  const packet_info *pinfo, const guint32 id,
376  const void *data, const guint32 frag_data_len,
377  const gboolean more_frags);
378 
379 /*
380  * Like fragment_add_seq_check, but for protocols like PPP MP with a single
381  * sequence number that increments for each fragment, thus acting like the sum
382  * of the PDU sequence number and explicit fragment number in other protocols.
383  * See Appendix A of RFC 4623 (PWE3 Fragmentation and Reassembly) for a list
384  * of protocols that use this style, including PPP MP (RFC 1990), PWE3 MPLS
385  * (RFC 4385), L2TPv2 (RFC 2661), L2TPv3 (RFC 3931), ATM, and Frame Relay.
386  * It is guaranteed to reassemble a packet split up to "max_frags" in size,
387  * but may manage to reassemble more in certain cases.
388  */
389 WS_DLL_PUBLIC fragment_head *
390 fragment_add_seq_single(reassembly_table *table, tvbuff_t *tvb,
391  const int offset, const packet_info *pinfo, const guint32 id,
392  const void* data, const guint32 frag_data_len,
393  const gboolean first, const gboolean last,
394  const guint32 max_frags);
395 
396 /*
397  * A variation on the above that ages off fragments that have not been
398  * reassembled. Useful if the sequence number loops to deal with leftover
399  * fragments from the beginning of the capture or missing fragments.
400  */
401 WS_DLL_PUBLIC fragment_head *
402 fragment_add_seq_single_aging(reassembly_table *table, tvbuff_t *tvb,
403  const int offset, const packet_info *pinfo, const guint32 id,
404  const void* data, const guint32 frag_data_len,
405  const gboolean first, const gboolean last,
406  const guint32 max_frags, const guint32 max_age);
407 
408 /*
409  * Start a reassembly, expecting "tot_len" as the number of given fragments (not
410  * the number of bytes). Data can be added later using fragment_add_seq_check.
411  */
412 WS_DLL_PUBLIC void
413 fragment_start_seq_check(reassembly_table *table, const packet_info *pinfo,
414  const guint32 id, const void *data,
415  const guint32 tot_len);
416 
417 /*
418  * Mark end of reassembly and returns the reassembled fragment (if completed).
419  * Use it when fragments were added with "more_flags" set while you discovered
420  * that no more fragments have to be added.
421  * This is for fragments added with add_seq_next; it doesn't check for gaps,
422  * and doesn't set datalen correctly for the fragment_add family.
423  */
424 WS_DLL_PUBLIC fragment_head *
425 fragment_end_seq_next(reassembly_table *table, const packet_info *pinfo,
426  const guint32 id, const void *data);
427 
428 /* To specify the offset for the fragment numbering, the first fragment is added with 0, and
429  * afterwards this offset is set. All additional calls to off_seq_check will calculate
430  * the number in sequence in regards to the offset */
431 WS_DLL_PUBLIC void
432 fragment_add_seq_offset(reassembly_table *table, const packet_info *pinfo, const guint32 id,
433  const void *data, const guint32 fragment_offset);
434 
435 /*
436  * Sets the expected index for the last block (for fragment_add_seq functions)
437  * or the expected number of bytes (for fragment_add functions). A reassembly
438  * must already have started.
439  *
440  * Note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment.
441  * i.e. since the block numbers start at 0, if we specify tot_len==2, that
442  * actually means we want to defragment 3 blocks, block 0, 1 and 2.
443  */
444 WS_DLL_PUBLIC void
445 fragment_set_tot_len(reassembly_table *table, const packet_info *pinfo,
446  const guint32 id, const void *data, const guint32 tot_len);
447 
448 /*
449  * Similar to fragment_set_tot_len, it sets the expected number of bytes (for
450  * fragment_add functions) for a previously started reassembly. If the specified
451  * length already matches the reassembled length, then nothing will be done.
452  *
453  * If the fragments were previously reassembled, then this state will be
454  * cleared, allowing new fragments to extend the reassembled result again.
455  */
456 void
457 fragment_reset_tot_len(reassembly_table *table, const packet_info *pinfo,
458  const guint32 id, const void *data, const guint32 tot_len);
459 
460 /*
461  * Truncates the size of an already defragmented reassembly to tot_len,
462  * discarding past that point, including splitting any fragments in the
463  * middle as necessary. The specified length must be less than or equal
464  * to the reassembled length. (If it already matches the reassembled length,
465  * then nothing will be done.)
466  *
467  * Used for continuous streams like TCP, where the length of a segment cannot
468  * be determined without first reassembling and handing to a subdissector.
469  */
470 void
471 fragment_truncate(reassembly_table *table, const packet_info *pinfo,
472  const guint32 id, const void *data, const guint32 tot_len);
473 
474 /*
475  * Return the expected index for the last block (for fragment_add_seq functions)
476  * or the expected number of bytes (for fragment_add functions).
477  */
478 WS_DLL_PUBLIC guint32
479 fragment_get_tot_len(reassembly_table *table, const packet_info *pinfo,
480  const guint32 id, const void *data);
481 
482 /*
483  * This function will set the partial reassembly flag(FD_PARTIAL_REASSEMBLY) for a fh.
484  * When this function is called, the fh MUST already exist, i.e.
485  * the fh MUST be created by the initial call to fragment_add() before
486  * this function is called. Also note that this function MUST be called to indicate
487  * a fh will be extended (increase the already stored data). After calling this function,
488  * and if FD_DEFRAGMENTED is set, the reassembly process will be continued.
489  */
490 WS_DLL_PUBLIC void
491 fragment_set_partial_reassembly(reassembly_table *table,
492  const packet_info *pinfo, const guint32 id,
493  const void *data);
494 
495 /* This function is used to check if there is partial or completed reassembly state
496  * matching this packet. I.e. Are there reassembly going on or not for this packet?
497  */
498 WS_DLL_PUBLIC fragment_head *
499 fragment_get(reassembly_table *table, const packet_info *pinfo,
500  const guint32 id, const void *data);
501 
502 /* The same for the reassemble table */
503 WS_DLL_PUBLIC fragment_head *
504 fragment_get_reassembled_id(reassembly_table *table, const packet_info *pinfo,
505  const guint32 id);
506 
507 /* This will free up all resources and delete reassembly state for this PDU.
508  * Except if the PDU is completely reassembled, then it would NOT deallocate the
509  * buffer holding the reassembled data but instead return the TVB
510  *
511  * So, if you call fragment_delete and it returns non-NULL, YOU are responsible to
512  * tvb_free() .
513  */
514 WS_DLL_PUBLIC tvbuff_t *
515 fragment_delete(reassembly_table *table, const packet_info *pinfo,
516  const guint32 id, const void *data);
517 
518 /* This struct holds references to all the tree and field handles used when
519  * displaying the reassembled fragment tree in the packet details view. A
520  * dissector will populate this structure with its own tree and field handles
521  * and then invoke show_fragment_tree to have those items added to the packet
522  * details tree.
523  */
524 typedef struct _fragment_items {
525  gint *ett_fragment;
526  gint *ett_fragments;
527 
528  int *hf_fragments; /* FT_NONE */
529  int *hf_fragment; /* FT_FRAMENUM */
530  int *hf_fragment_overlap; /* FT_BOOLEAN */
531  int *hf_fragment_overlap_conflict; /* FT_BOOLEAN */
532  int *hf_fragment_multiple_tails; /* FT_BOOLEAN */
533  int *hf_fragment_too_long_fragment; /* FT_BOOLEAN */
534  int *hf_fragment_error; /* FT_FRAMENUM */
535  int *hf_fragment_count; /* FT_UINT32 */
536  int *hf_reassembled_in; /* FT_FRAMENUM */
537  int *hf_reassembled_length; /* FT_UINT32 */
538  int *hf_reassembled_data; /* FT_BYTES */
539 
540  const char *tag;
542 
543 WS_DLL_PUBLIC tvbuff_t *
544 process_reassembled_data(tvbuff_t *tvb, const int offset, packet_info *pinfo,
545  const char *name, fragment_head *fd_head, const fragment_items *fit,
546  bool *update_col_infop, proto_tree *tree);
547 
548 WS_DLL_PUBLIC gboolean
549 show_fragment_tree(fragment_head *ipfd_head, const fragment_items *fit,
550  proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
551 
552 WS_DLL_PUBLIC gboolean
553 show_fragment_seq_tree(fragment_head *ipfd_head, const fragment_items *fit,
554  proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
555 
556 /* Initialize internal structures
557  */
558 extern void reassembly_tables_init(void);
559 
560 /* Cleanup internal structures
561  */
562 extern void
563 reassembly_table_cleanup(void);
564 
565 /* ===================== Streaming data reassembly helper ===================== */
592 #define REASSEMBLE_ITEMS_DEFINE(var_prefix, name_prefix) \
593  static gint ett_##var_prefix##_fragment; \
594  static gint ett_##var_prefix##_fragments; \
595  static int hf_##var_prefix##_fragments; \
596  static int hf_##var_prefix##_fragment; \
597  static int hf_##var_prefix##_fragment_overlap; \
598  static int hf_##var_prefix##_fragment_overlap_conflicts; \
599  static int hf_##var_prefix##_fragment_multiple_tails; \
600  static int hf_##var_prefix##_fragment_too_long_fragment; \
601  static int hf_##var_prefix##_fragment_error; \
602  static int hf_##var_prefix##_fragment_count; \
603  static int hf_##var_prefix##_reassembled_in; \
604  static int hf_##var_prefix##_reassembled_length; \
605  static int hf_##var_prefix##_reassembled_data; \
606  static int hf_##var_prefix##_segment; \
607  static const fragment_items var_prefix##_fragment_items = { \
608  &ett_##var_prefix##_fragment, \
609  &ett_##var_prefix##_fragments, \
610  &hf_##var_prefix##_fragments, \
611  &hf_##var_prefix##_fragment, \
612  &hf_##var_prefix##_fragment_overlap, \
613  &hf_##var_prefix##_fragment_overlap_conflicts, \
614  &hf_##var_prefix##_fragment_multiple_tails, \
615  &hf_##var_prefix##_fragment_too_long_fragment, \
616  &hf_##var_prefix##_fragment_error, \
617  &hf_##var_prefix##_fragment_count, \
618  &hf_##var_prefix##_reassembled_in, \
619  &hf_##var_prefix##_reassembled_length, \
620  &hf_##var_prefix##_reassembled_data, \
621  name_prefix " fragments" \
622  }
623 
671 #define REASSEMBLE_INIT_HF_ITEMS(var_prefix, name_prefix, abbrev_prefix) \
672  { &hf_##var_prefix##_fragments, \
673  { "Reassembled " name_prefix " fragments", abbrev_prefix ".fragments", \
674  FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } \
675  }, \
676  { &hf_##var_prefix##_fragment, \
677  { name_prefix " fragment", abbrev_prefix ".fragment", \
678  FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
679  }, \
680  { &hf_##var_prefix##_fragment_overlap, \
681  { name_prefix " fragment overlap", abbrev_prefix ".fragment.overlap", \
682  FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
683  }, \
684  { &hf_##var_prefix##_fragment_overlap_conflicts, \
685  { name_prefix " fragment overlapping with conflicting data", abbrev_prefix ".fragment.overlap.conflicts", \
686  FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
687  }, \
688  { &hf_##var_prefix##_fragment_multiple_tails, \
689  { name_prefix " has multiple tail fragments", abbrev_prefix ".fragment.multiple_tails", \
690  FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
691  }, \
692  { &hf_##var_prefix##_fragment_too_long_fragment, \
693  { name_prefix " fragment too long", abbrev_prefix ".fragment.too_long_fragment", \
694  FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
695  }, \
696  { &hf_##var_prefix##_fragment_error, \
697  { name_prefix " defragment error", abbrev_prefix ".fragment.error", \
698  FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
699  }, \
700  { &hf_##var_prefix##_fragment_count, \
701  { name_prefix " fragment count", abbrev_prefix ".fragment.count", \
702  FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } \
703  }, \
704  { &hf_##var_prefix##_reassembled_in, \
705  { "Reassembled in", abbrev_prefix ".reassembled.in", \
706  FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
707  }, \
708  { &hf_##var_prefix##_reassembled_length, \
709  { "Reassembled length", abbrev_prefix ".reassembled.length", \
710  FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } \
711  }, \
712  { &hf_##var_prefix##_reassembled_data, \
713  { "Reassembled data", abbrev_prefix ".reassembled.data", \
714  FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } \
715  }, \
716  { &hf_##var_prefix##_segment, \
717  { name_prefix " segment", abbrev_prefix ".segment", \
718  FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL} \
719  }
720 
752 #define REASSEMBLE_INIT_ETT_ITEMS(var_prefix) \
753  &ett_##var_prefix##_fragment, \
754  &ett_##var_prefix##_fragments
755 
758 
762 WS_DLL_PUBLIC streaming_reassembly_info_t*
764 
1125 WS_DLL_PUBLIC gint
1127  tvbuff_t* tvb, packet_info* pinfo, guint offset, gint length,
1128  proto_tree* segment_tree, proto_tree* reassembled_tree, reassembly_table streaming_reassembly_table,
1129  streaming_reassembly_info_t* reassembly_info, guint64 cur_frame_num,
1130  dissector_handle_t subdissector_handle, proto_tree* subdissector_tree, void* subdissector_data,
1131  const char* label, const fragment_items* frag_hf_items, int hf_segment_data
1132 );
1133 
1147 static inline guint64
1148 get_virtual_frame_num64(tvbuff_t* tvb, packet_info* pinfo, gint offset)
1149 {
1150  return (((guint64)pinfo->num) << 32) + (((guint64)pinfo->curr_layer_num) << 24)
1151  + ((guint64)tvb_raw_offset(tvb) + offset);
1152 }
1153 
1161 WS_DLL_PUBLIC gint
1163 
1164 /* ========================================================================= */
1165 
1166 #endif
WS_DLL_PUBLIC streaming_reassembly_info_t * streaming_reassembly_info_new(void)
Definition: reassemble.c:3214
WS_DLL_PUBLIC gint additional_bytes_expected_to_complete_reassembly(streaming_reassembly_info_t *reassembly_info)
Definition: reassemble.c:3538
WS_DLL_PUBLIC gint reassemble_streaming_data_and_call_subdissector(tvbuff_t *tvb, packet_info *pinfo, guint offset, gint length, proto_tree *segment_tree, proto_tree *reassembled_tree, reassembly_table streaming_reassembly_table, streaming_reassembly_info_t *reassembly_info, guint64 cur_frame_num, dissector_handle_t subdissector_handle, proto_tree *subdissector_tree, void *subdissector_data, const char *label, const fragment_items *frag_hf_items, int hf_segment_data)
Definition: reassemble.c:3264
Definition: reassemble.h:64
guint8 reas_in_layer_num
Definition: reassemble.h:85
const char * error
Definition: reassemble.h:97
struct _fragment_item * first_gap
Definition: reassemble.h:66
guint32 contiguous_len
Definition: reassemble.h:69
guint32 datalen
Definition: reassemble.h:77
guint32 reassembled_in
Definition: reassemble.h:83
guint32 flags
Definition: reassemble.h:89
guint ref_count
Definition: reassemble.h:68
guint32 frame
Definition: reassemble.h:70
guint32 fragment_nr_offset
Definition: reassemble.h:74
guint32 len
Definition: reassemble.h:71
Definition: reassemble.h:52
guint32 frame
Definition: reassemble.h:54
guint32 flags
Definition: reassemble.h:58
guint32 offset
Definition: reassemble.h:55
guint32 len
Definition: reassemble.h:57
Definition: reassemble.h:524
Definition: packet_info.h:44
guint8 curr_layer_num
Definition: packet_info.h:140
guint32 num
Definition: packet_info.h:48
Definition: proto.h:904
Definition: packet.c:763
Definition: reassemble.h:149
Definition: reassemble.h:138
Definition: reassemble.c:3191
Definition: tvbuff-int.h:35