Wireshark · Wireshark-dev: Re: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?

Wireshark-dev: Re: [Wireshark-dev] How to handle duplicate fragments for a plugin written on to

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 26 Mar 2009 09:38:59 -0400



siri m wrote:

Hi,
We have a legacy custom plugin (written on top of UDP), which handlesmulticast packets which may be fragmented, which works fine for normalscenarios. However, the plugin fails to decode for the cases where therecan be duplicate fragments (for eg. one coming from the actual host andanother one from a firewall). The fragments are exactly the sameexcepting that the ethernet source address is different.
Can someone give me pointers as to how we could handle this special casewhen re-assembling the fragments? Is there a way to ignore packetscoming from the firewall? Are there any sample plugins that have handledthis case, which I can refer to?

Do the fragments have sequence numbers? If so your reassembly codecould check them and drop the duplicates. I think/imagine that's howmost dissectors handle reassembly.

References:
- [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?
  - From: siri m

Prev by Date: Re: [Wireshark-dev] Problem with 1.1.3 sources - native-nmake
Next by Date: Re: [Wireshark-dev] save SDP attributes
Previous by thread: Re: [Wireshark-dev] How to handle duplicate fragments for a plugin written on top of UDP?
Next by thread: [Wireshark-dev] dissector plugin help
Index(es):
- Date
- Thread