Wireshark · Wireshark-dev: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?

Wireshark-dev: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of

Date: Wed, 25 Mar 2009 17:13:35 -0800

Hi,

We have a legacy custom plugin (written on top of UDP), which handles multicast packets which may be fragmented, which works fine for normal scenarios. However, the plugin fails to decode for the cases where there can be duplicate fragments (for eg. one coming from the actual host and another one from a firewall). The fragments are exactly the same excepting that the ethernet source address is different.

Can someone give me pointers as to how we could handle this special case when re-assembling the fragments? Is there a way to ignore packets coming from the firewall? Are there any sample plugins that have handled this case, which I can refer to?

Any suggestions would help me a lot,

Thanks,
siri

Follow-Ups:
- Re: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?
  - From: philippe alarcon
- Re: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?
  - From: Jeff Morriss

Prev by Date: [Wireshark-dev] HTTP reassembly?
Next by Date: [Wireshark-dev] dissector plugin help
Previous by thread: Re: [Wireshark-dev] Problem with 1.1.3 sources - native-nmake
Next by thread: Re: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?
Index(es):
- Date
- Thread