On Dec 22, 2010, at 12:58 AM, Kaul wrote:
> Can I use something like tcp_dissect_pdus() for UDP packets? Specifically, Kerberos over UDP - I think we can get the PDU length from the packet and get a complete PDU.
tcp_dissect_pdus() handles the particular case of protocols running atop a byte-stream protocol, where the lower-level protocol has no packet boundaries, and the upper-level protocol has to impose packet boundaries atop that. Reassembly of higher-level packets requires the higher-level protocol to indicate when packets begin and end, and requires the lower-level protocol to reassemble parts of segments as dictated by the higher-level protocol. tcp_dissect_pdus() is for use by the higher-level protocol to do its part of the job in cases where, for example, each higher-level packet begins with a packet-length field. (I think we
UDP is a packet-based, not byte-stream-based, protocol, as is IP. If the fragmentation in question is IP fragmentation, reassembly is done by the IP dissector; it needs no help from upper-layer protocols to do that. If the fragmentation in question is done at the layer of the protocol running atop UDP, so that a higher-level packet is reassembled from multiple independent UDP datagrams, rather than the higher-level packet being a single UDP packet reassembled from multiple IP fragments, then that protocol needs not only to provide a length, it also needs to provide sequence numbers, as UDP provides no guarantees of delivery, much less guarantees of in-order delivery.
So:
as Sake noted, if the fragmentation is done at the Kerberos layer, Kerberos must put more than a PDU length into the packet to make it work, e.g. it must include a sequence number;
as Ronnie noted, if the fragmentation is done at the IP layer, the work is already being done for you - you just need to enable reassembly of fragmented IP datagrams in the IPv4 and IPv6 dissector preferences, if it's not already enabled.
I suspect it's done at the IP layer.
