2 * Declarations of outines for {fragment,segment} reassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 /* make sure that all flags that are set in a fragment entry is also set for
26 * the flags field of fd_head !!!
29 /* only in fd_head: packet is defragmented */
30 #define FD_DEFRAGMENTED 0x0001
32 /* there are overlapping fragments */
33 #define FD_OVERLAP 0x0002
35 /* overlapping fragments contain different data */
36 #define FD_OVERLAPCONFLICT 0x0004
38 /* more than one fragment which indicates end-of data */
39 #define FD_MULTIPLETAILS 0x0008
41 /* fragment contains data past the end of the datagram */
42 #define FD_TOOLONGFRAGMENT 0x0010
44 /* fragment data not alloc'ed, fd->data pointing to fd_head->data+fd->offset */
45 #define FD_NOT_MALLOCED 0x0020
47 /* this flag is used to request fragment_add to continue the reassembly process */
48 #define FD_PARTIAL_REASSEMBLY 0x0040
50 /* fragment offset is indicated by sequence number and not byte offset
51 into the defragmented packet */
52 #define FD_BLOCKSEQUENCE 0x0100
54 /* if REASSEMBLE_FLAGS_CHECK_DATA_PRESENT is set, and the first fragment is
55 * incomplete, this flag is set in the flags word on the fd_head returned.
57 * It's all a fudge to preserve historical behaviour.
59 #define FD_DATA_NOT_PRESENT 0x0200
61 /* This flag is set in (only) fd_head to denote that datalen has been set to a valid value.
62 * It's implied by FD_DEFRAGMENTED (we must know the total length of the
63 * datagram if we have defragmented it...)
65 #define FD_DATALEN_SET 0x0400
67 typedef struct _fragment_data {
68 struct _fragment_data *next;
72 guint32 datalen; /* Only valid in first item of list and when
73 * flags&FD_DATALEN_SET is set;
74 * number of bytes or (if flags&FD_BLOCKSEQUENCE set)
75 * segments in the datagram */
76 guint32 reassembled_in; /* frame where this PDU was reassembled,
77 only valid in the first item of the list
78 and when FD_DEFRAGMENTED is set*/
85 * Flags for fragment_add_seq_*
88 /* we don't have any sequence numbers - fragments are assumed to appear in
90 #define REASSEMBLE_FLAGS_NO_FRAG_NUMBER 0x0001
92 /* a special fudge for the 802.11 dissector */
93 #define REASSEMBLE_FLAGS_802_11_HACK 0x0002
95 /* causes fragment_add_seq_key to check that all the fragment data is present
96 * in the tvb, and if not, do something a bit odd. */
97 #define REASSEMBLE_FLAGS_CHECK_DATA_PRESENT 0x0004
99 /* a function for copying hash keys */
100 typedef void *(*fragment_key_copier)(const void *key);
103 * Initialize a fragment table.
105 extern void fragment_table_init(GHashTable **fragment_table);
106 extern void dcerpc_fragment_table_init(GHashTable **fragment_table);
109 * Initialize a reassembled-packet table.
111 extern void reassembled_table_init(GHashTable **reassembled_table);
114 * This function adds a new fragment to the fragment hash table.
115 * If this is the first fragment seen for this datagram, a new entry
116 * is created in the hash table, otherwise this fragment is just added
117 * to the linked list of fragments for this packet.
118 * The list of fragments for a specific datagram is kept sorted for
121 * Returns a pointer to the head of the fragment data list if we have all the
122 * fragments, NULL otherwise.
124 extern fragment_data *fragment_add(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
125 const guint32 id, GHashTable *fragment_table, const guint32 frag_offset,
126 guint32 const frag_data_len, const gboolean more_frags);
127 extern fragment_data *fragment_add_multiple_ok(tvbuff_t *tvb, const int offset,
128 const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
129 const guint32 frag_offset, const guint32 frag_data_len, const gboolean more_frags);
132 * This routine extends fragment_add to use a "reassembled_table".
134 * If, after processing this fragment, we have all the fragments, they
135 * remove that from the fragment hash table if necessary and add it
136 * to the table of reassembled fragments, and return a pointer to the
137 * head of the fragment list.
139 extern fragment_data *fragment_add_check(tvbuff_t *tvb, const int offset,
140 const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
141 GHashTable *reassembled_table, const guint32 frag_offset,
142 const guint32 frag_data_len, const gboolean more_frags);
144 /* same as fragment_add() but this one assumes frag_number is a block
145 sequence number. note that frag_number is 0 for the first fragment. */
148 * These functions add a new fragment to the fragment hash table,
149 * assuming that frag_number is a block sequence number (starting from zero for
150 * the first fragment of each datagram).
152 * If this is the first fragment seen for this datagram, a new
153 * "fragment_data" structure is allocated to refer to the reassembled
156 * if "more_frags" is false, and either we have no sequence numbers, or
157 * are using the 802.11 hack, it is assumed that this is the only fragment
158 * in the datagram. The structure is not added to the hash
159 * table, and not given any fragments to refer to, but is just returned.
161 * In this latter case reassembly wasn't done (since there was only one
162 * fragment in the packet); dissectors can check the 'next' pointer on the
163 * returned list to see if this case was hit or not.
165 * Otherwise, this fragment is just added to the linked list of fragments
166 * for this packet; the fragment_data is also added to the fragment hash if
169 * If this packet completes assembly, these functions return the head of the
170 * fragment data; otherwise, they return null.
173 /* "key" should be an arbitrary key used for indexing the fragment hash;
174 * "key_copier" is called to copy the key to a more appropriate store before
175 * inserting a new entry to the hash.
177 extern fragment_data *
178 fragment_add_seq_key(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
179 void *key, fragment_key_copier key_copier,
180 GHashTable *fragment_table, guint32 frag_number,
181 const guint32 frag_data_len, const gboolean more_frags,
182 const guint32 flags);
184 /* a wrapper for fragment_add_seq_key - uses a key of source, dest and id */
185 extern fragment_data *fragment_add_seq(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
186 const guint32 id, GHashTable *fragment_table, const guint32 frag_number,
187 const guint32 frag_data_len, const gboolean more_frags);
189 /* another wrapper for fragment_add_seq_key - uses a key of source, dest, id
191 extern fragment_data *
192 fragment_add_dcerpc_dg(tvbuff_t *tvb, const int offset, const packet_info *pinfo, const guint32 id,
194 GHashTable *fragment_table, const guint32 frag_number,
195 const guint32 frag_data_len, const gboolean more_frags);
198 * These routines extend fragment_add_seq_key to use a "reassembled_table".
200 * If, after processing this fragment, we have all the fragments, they
201 * remove that from the fragment hash table if necessary and add it
202 * to the table of reassembled fragments, and return a pointer to the
203 * head of the fragment list.
205 extern fragment_data *
206 fragment_add_seq_check(tvbuff_t *tvb, const int offset,
207 const packet_info *pinfo, const guint32 id,
208 GHashTable *fragment_table,
209 GHashTable *reassembled_table, const guint32 frag_number,
210 const guint32 frag_data_len, const gboolean more_frags);
212 extern fragment_data *
213 fragment_add_seq_802_11(tvbuff_t *tvb, const int offset,
214 const packet_info *pinfo, const guint32 id,
215 GHashTable *fragment_table,
216 GHashTable *reassembled_table,
217 const guint32 frag_number, const guint32 frag_data_len,
218 const gboolean more_frags);
220 extern fragment_data *
221 fragment_add_seq_next(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
222 const guint32 id, GHashTable *fragment_table,
223 GHashTable *reassembled_table,
224 const guint32 frag_data_len, const gboolean more_frags);
227 fragment_start_seq_check(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
228 const guint32 tot_len);
230 extern fragment_data *
231 fragment_end_seq_next(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
232 GHashTable *reassembled_table);
233 /* to specify how much to reassemble, for fragmentation where last fragment can not be
234 * identified by flags or such.
235 * note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment.
236 * i.e. since the block numbers start at 0, if we specify tot_len==2, that
237 * actually means we want to defragment 3 blocks, block 0, 1 and 2.
241 fragment_set_tot_len(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
242 const guint32 tot_len);
244 /* to resad whatever totlen previously set */
246 fragment_get_tot_len(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
249 * This function will set the partial reassembly flag(FD_PARTIAL_REASSEMBLY) for a fh.
250 * When this function is called, the fh MUST already exist, i.e.
251 * the fh MUST be created by the initial call to fragment_add() before
252 * this function is called. Also note that this function MUST be called to indicate
253 * a fh will be extended (increase the already stored data). After calling this function,
254 * and if FD_DEFRAGMENTED is set, the reassembly process will be continued.
257 fragment_set_partial_reassembly(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
259 /* This function is used to check if there is partial or completed reassembly state
260 * matching this packet. I.e. Are there reassembly going on or not for this packet?
262 extern fragment_data *
263 fragment_get(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
265 /* The same for the reassemble table */
266 /* id *must* be the frame number for this to work! */
267 extern fragment_data *
268 fragment_get_reassembled(const guint32 id, GHashTable *reassembled_table);
270 extern fragment_data *
271 fragment_get_reassembled_id(const packet_info *pinfo, const guint32 id, GHashTable *reassembled_table);
273 /* This will free up all resources and delete reassembly state for this PDU.
274 * Except if the PDU is completely reassembled, then it would NOT deallocate the
275 * buffer holding the reassembled data but instead return the pointer to that
278 * So, if you call fragment_delete and it returns non-NULL, YOU are responsible to
279 * g_free() that buffer.
281 extern unsigned char *
282 fragment_delete(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
284 /* hf_fragment, hf_fragment_error, and hf_reassembled_in should be
285 FT_FRAMENUM, the others should be FT_BOOLEAN
287 typedef struct _fragment_items {
293 int *hf_fragment_overlap;
294 int *hf_fragment_overlap_conflict;
295 int *hf_fragment_multiple_tails;
296 int *hf_fragment_too_long_fragment;
297 int *hf_fragment_error;
298 int *hf_fragment_count;
299 int *hf_reassembled_in;
300 int *hf_reassembled_length;
306 process_reassembled_data(tvbuff_t *tvb, const int offset, packet_info *pinfo,
307 const char *name, fragment_data *fd_head, const fragment_items *fit,
308 gboolean *update_col_infop, proto_tree *tree);
311 show_fragment_tree(fragment_data *ipfd_head, const fragment_items *fit,
312 proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
315 show_fragment_seq_tree(fragment_data *ipfd_head, const fragment_items *fit,
316 proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);