
Ethereal-dev: [Ethereal-dev] tvb and dissector question.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <rsahlber@xxxxxxxxxxxxxx>
Date: Tue, 20 Mar 2001 21:56:05 +1100
Hi list.

I have been playing with packet-ip.c to enhance it to defragment ip-packets.

The reason for doing this is to make it easier for upper layer protocols to decode
datastreams, and to be able to decode, say rpc, packets which span several ip fragments.
NFS-read/write commands for example.
It would be, IMHO, much better to do the defragmentation in the ip-layer before
it is passed to UDP/RPC/whatever dissectors instead of reinventing ip-fragment
handling in each dissector.

I have one global variable which enables this feature. If it is cleared (=0),
functionality will be just as before, but if it is set the following happens:
* All ip fragments are displayed as an IP-header with the payload displayed as data.
  The fragment will not be passed up to upper layer dissectors. Not even the first fragment.
  All, including the first fragment, are displayed in the top window as IP-Fragment.
* In dissect_ip(), when a fragment is processed, the fragment will be added to a hashtable
  where the key is based on srcip,dstip,id.
  When this function detects that (all) sufficient fragments have been received for srcip,dstip,id
  it will defragment the data to a malloc()ed buffer, which contains the fully
  defragmented ip-packet.

This is all working very well, and I can get the function to print the
completed defragmented packet to stdout in hex.


What I need help with now is if someone can explain to me, or give me pointers on how to do
the following:
I want to create new tvb,pinfo,tree structures containing the packet I have in the buffer so I can
call dissect_ip() again.
This time the packet will not be fragmented and will thus proceed up through
UDP/RPC or whatever other dissector there might be.
So, I have created a new packet in one of the dissectors, now I want this to appear as a completely
new IP-packet, as if it were received on the interface (though it has no linklayer frame).

Question:
Assuming I have a complete IP-packet in a buffer.
How can I create proper tvb,pinfo,tree structures so I can call dissect_ip()
(or any other dissector)?
I want this packet to be displayed in the top-tree view, not as a subtree
inside the ip-tree for a fragmented ip-packet.
Help me with this and you will have defragmentation in the ip-layer in
ethereal.
End Question.

(The buffer is almost, but not really, a proper IP-packet, e.g. MF-bit in flags is cleared,
offset is set to 0, the checksum is set to 0 (I will indicate to dissect_ip() that this is a
magic packet which should not care for these fields).)
I also plan to change the displayed string for this packet so it is obvious
that this packet was not formally received on an interface but a
defragmented-(virtual?)-ip-packet.
I also plan later to verify if fragments are overlapping that they do not
contain conflicting data and indicate this.

Defragmentation will be possible to activate or deactivate by changing a global variable.
This type of defragmentation will be really useful for protocols such as NFS and
similar that use a lot of packets which become fragmented.


Please help.
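
The reassembly step described in the message above (fragments collected under a srcip,dstip,id key, completion detection, and the planned check for overlapping fragments with conflicting data), as an added example that is not part of the original post and is not Ethereal code. The `frag_key` and `reasm` types, the `reasm_add()` function, its return codes and the sample fragments are hypothetical names and constructed data; it handles one datagram per `reasm` and leaves the hashtable lookup out.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_DGRAM 65535u
enum { REASM_BAD = -2, REASM_CONFLICT = -1, REASM_PENDING = 0, REASM_COMPLETE = 1 };

/* Hypothetical types for this example; these are not Ethereal structures. */
struct frag_key { uint32_t src, dst; uint16_t id; };
struct reasm {
    struct frag_key key;       /* (srcip, dstip, id), the key named in the post */
    uint8_t data[MAX_DGRAM];   /* reassembled payload */
    uint8_t seen[MAX_DGRAM];   /* 1 where a byte has already been received */
    uint32_t max_end;          /* highest byte offset + 1 received so far */
    uint32_t total_len;        /* known once the MF=0 fragment arrives, else 0 */
    int conflict;              /* overlapping fragments carried different bytes */
};

/* Add one fragment payload; offset is in bytes (IP fragment offset field * 8). */
int reasm_add(struct reasm *r, const struct frag_key *k, uint32_t offset,
              const uint8_t *payload, uint32_t len, int more_frags)
{
    uint32_t end, i;
    if (k->src != r->key.src || k->dst != r->key.dst || k->id != r->key.id)
        return REASM_BAD;      /* belongs to a different datagram */
    if (len == 0 || offset > MAX_DGRAM || len > MAX_DGRAM - offset ||
        (more_frags && len % 8 != 0))
        return REASM_BAD;      /* only the last fragment may be a non-multiple of 8 */
    end = offset + len;
    if ((r->total_len && (end > r->total_len || (!more_frags && end != r->total_len))) ||
        (!more_frags && r->max_end > end))
        return REASM_BAD;      /* inconsistent end of datagram */
    for (i = 0; i < len; i++) {
        uint8_t *d = &r->data[offset + i], *s = &r->seen[offset + i];
        if (!*s) { *d = payload[i]; *s = 1; }
        else if (*d != payload[i]) r->conflict = 1;  /* keep first copy, flag it */
    }
    if (end > r->max_end) r->max_end = end;
    if (!more_frags) r->total_len = end;
    if (r->conflict) return REASM_CONFLICT;
    if (!r->total_len) return REASM_PENDING;
    for (i = 0; i < r->total_len; i++)
        if (!r->seen[i]) return REASM_PENDING;
    return REASM_COMPLETE;
}
int main(void)
{   /* Constructed sample: two fragments of one datagram, arriving out of order. */
    static struct reasm r = { { 0x0a000001, 0x0a000002, 0x1234 } };
    static const uint8_t first[9] = "AAAAAAAA", last[5] = "BBBB";
    int s1 = reasm_add(&r, &r.key, 8, last, 4, 0);
    int s2 = reasm_add(&r, &r.key, 0, first, 8, 1);
    printf("%d %d %.*s\n", s1, s2, (int)r.total_len, (const char *)r.data);
}
```

Once an overlap disagrees, the conflict flag stays set for that datagram, so every later call reports `REASM_CONFLICT` and the caller can mark the reassembled packet instead of silently picking one copy.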