Wireshark-dev: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of
From: siri m <[email protected]>
Date: Wed, 25 Mar 2009 17:13:35 -0800

We have a legacy custom plugin (written on top of UDP), which handles multicast packets which may be fragmented, which works fine for normal scenarios. However, the plugin fails to decode for the cases where there can be duplicate fragments (for eg. one coming from the actual host and another one from a firewall). The fragments are exactly the same excepting that the ethernet source address is different.

Can someone give me pointers as to how we could handle this special case when re-assembling the fragments? Is there a way to ignore packets coming from the firewall? Are there any sample plugins that have handled this case, which I can refer to?

Any suggestions would help me a lot,