Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Different reassembly needs

From: Paul Williamson <paul@xxxxxxxxxxxxx>
Date: Thu, 19 Jan 2017 09:20:16 -0800
I want to add fragmentation reassembly to the dissector I'm improving for DVB-S2-BB. To get things exactly right, I'll need to reassemble in a way that doesn't seem to be supported by the existing code in epan/reassemble.[ch]. What approach is considered most preferable?

1. Modify epan/reassemble.[ch] to do what I need, or

2. Write my own reassembly code that just works for me, or

3. Write adapter code that tries hard to use epan/reassemble.[ch] where possible but adapts it to my needs, or

4. Just use epan/reassemble.[ch] and don't worry about getting reassembly exactly right according to the protocol spec.

If you're interested in the details, here are some. The protocol I'm dissecting is an encapsulation protocol running encapsulated in UDP. Fragments are tagged as first, last, or in between, and arrive in order without a sequence number, so the existing function fragment_add_seq_next() is close to what I need. I also need to check whether a first fragment has already been received before adding a last or in-between fragment, and I think I can do that with fragment_get().

However, I also need to age out old fragments. There isn't currently a function like fragment_add_seq_next_aging() in the code, but perhaps it would be easy enough to add. Unfortunately, the existing aging mechanism in epan/reassemble.[ch] is based on pinfo->num, and to comply with the spec I need it to be based on a count of frames of my specific protocol.This is where I think I'd need to modify epan/reassemble.[ch].

I'd appreciate any thoughts on how I should proceed.

  -Paul