
Ethereal-dev: [Ethereal-dev] Defragmenting IP packets.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <rsahlber@xxxxxxxxxxxxxx>
Date: Sat, 31 Mar 2001 01:08:20 +1000
Hi list,

For comments and testing, not finished, do not commit. Please test and give me comments.
It works, but it leaks memory.

The diff was made from the cvs as of ~5 hours ago (5 hours before this mail was sent).

Beware, this thingy still leaks memory since it never deallocates buffers between captures.
(Need an api to register cleanup functions to be called before a new file is opened or a new capture is started.)

Also, tethereal will not build since it doesn't link with file.c.

---

In order to provide defragmented IP packets to all upper layer protocols (read RPC) I have hacked a new wtap and a new dissector.

Virtual packets:
Virtual packets are packets that are not read from a capture file, nor were they received on an interface.
These are "special" packets that only exist inside ethereal at runtime. They don't exist. They will not be written to any capture file, etc. They are built at runtime inside ethereal.
There is a generic api for injecting/creating virtual packets of any type inside ethereal, although only virtual-packets representing defragmented ip-packets have been implemented so far.
(Are there really any other useful applications? Perhaps reassembled ip-packets from atm-cells?)

The api will later be documented (i.e. call inject_packet() with a raw packet and packet_type).


This is how it works:

wiretap/virtual-packet.x  this is a new dummy for encapsulation on VIRTUAL packets.
This is mainly to get a new encapsulation type to identify which packets are virtual (as in not-real).

packet-virtual.x  this is a dissector that only deals with virtual packets.
It also contains some functions to provide an api to applications.

packet-ip.c  changes made to "remember" and defragment ip-fragments to whole ip-packets.
Calls inject_packet() in packet-virtual.c for every completed packet.

Lots of other small changes.


packet-ip.c has a global variable ip_defragment. If set to 0, old behaviour is kept. Nothing will be changed.
If set to 1 (as in the patch), all successfully defragmented packets will be displayed and dissected.
All reassembled ip packets are kept in memory and are never written to file, so memory requirements will be higher when using ip_defragment.


Attached is the diff and a capture file containing two fragmented icmp packets.
Load the capture in non-patched ethereal.
Install patch in test version of ethereal and compare.

Neat?


For the maintainers:
How should I supply the finished patch? Do you want just one big patch that touches all the files, or would you like several smaller stand-alone patches?

Attachment: defragment.diff
Description: Binary data

Attachment: A995.cap
Description: Binary data
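
As an added illustration of the "remember and defragment" step the mail describes for packet-ip.c (this is not code from defragment.diff or from Ethereal), here is one way to reassemble a single IP datagram with bounds and overlap checks and an explicit cleanup function. The struct and the names reasm_new, reasm_add and reasm_free are hypothetical, and rejecting every overlapping fragment is an assumption chosen for simplicity.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DGRAM  65535u                 /* largest IP total length */
#define MAX_BLOCKS (MAX_DGRAM / 8 + 1)    /* fragment offsets count 8-byte units */

/* Hypothetical reassembly state for one datagram, keyed by (src, dst, proto, id). */
struct reasm {
    uint32_t src, dst; uint16_t id; uint8_t proto;
    uint8_t *data;                 /* MAX_DGRAM bytes of reassembled payload */
    uint8_t  seen[MAX_BLOCKS];     /* 1 = this 8-byte block was received */
    uint32_t total_len;            /* set when the MF=0 fragment arrives, else 0 */
};

struct reasm *reasm_new(uint32_t src, uint32_t dst, uint8_t proto, uint16_t id)
{
    struct reasm *r = calloc(1, sizeof *r);
    if (r && !(r->data = malloc(MAX_DGRAM))) { free(r); return NULL; }
    if (r) { r->src = src; r->dst = dst; r->proto = proto; r->id = id; }
    return r;
}

/* Cleanup hook: call for every pending entry before a new capture is started. */
void reasm_free(struct reasm *r) { if (r) { free(r->data); free(r); } }

/* Add one fragment; off8 is the header's fragment offset in 8-byte units.
 * Returns 1 when the datagram is complete, 0 if more is needed, -1 if rejected. */
int reasm_add(struct reasm *r, uint16_t off8, int more_frags,
              const uint8_t *payload, uint32_t len)
{
    uint32_t off = (uint32_t)off8 * 8, end = off + len, b;

    if (len == 0 || len > MAX_DGRAM || end > MAX_DGRAM) return -1; /* past buffer */
    if (more_frags && (len % 8) != 0) return -1;   /* non-final must be 8*n bytes */
    if (!more_frags) {
        if (r->total_len && r->total_len != end) return -1;   /* conflicting end */
        for (b = (end + 7) / 8; b < MAX_BLOCKS; b++) if (r->seen[b]) return -1;
        r->total_len = end;
    } else if (r->total_len && end > r->total_len) return -1; /* beyond the end */
    for (b = off / 8; b < (end + 7) / 8; b++)
        if (r->seen[b]) return -1;                 /* overlapping fragment: drop */
    memcpy(r->data + off, payload, len);
    for (b = off / 8; b < (end + 7) / 8; b++) r->seen[b] = 1;
    if (!r->total_len) return 0;                   /* final fragment not seen yet */
    for (b = 0; b < (r->total_len + 7) / 8; b++)
        if (!r->seen[b]) return 0;                 /* a hole remains */
    return 1;
}
```

A caller would look up the entry by its key for each fragment, hand the completed buffer to the upper-layer dissector when reasm_add returns 1, and call reasm_free on all entries when a capture is closed.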