2 * Declarations of outines for {fragment,segment} reassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 /* make sure that all flags that are set in a fragment entry is also set for
26 * the flags field of fd_head !!!
32 /* only in fd_head: packet is defragmented */
33 #define FD_DEFRAGMENTED 0x0001
35 /* there are overlapping fragments */
36 #define FD_OVERLAP 0x0002
38 /* overlapping fragments contain different data */
39 #define FD_OVERLAPCONFLICT 0x0004
41 /* more than one fragment which indicates end-of data */
42 #define FD_MULTIPLETAILS 0x0008
44 /* fragment contains data past the end of the datagram */
45 #define FD_TOOLONGFRAGMENT 0x0010
47 /* fragment data not alloc'ed, fd->data pointing to fd_head->data+fd->offset */
48 #define FD_NOT_MALLOCED 0x0020
50 /* this flag is used to request fragment_add to continue the reassembly process */
51 #define FD_PARTIAL_REASSEMBLY 0x0040
53 /* fragment offset is indicated by sequence number and not byte offset
54 into the defragmented packet */
55 #define FD_BLOCKSEQUENCE 0x0100
57 /* if REASSEMBLE_FLAGS_CHECK_DATA_PRESENT is set, and the first fragment is
58 * incomplete, this flag is set in the flags word on the fd_head returned.
60 * It's all a fudge to preserve historical behaviour.
62 #define FD_DATA_NOT_PRESENT 0x0200
64 /* This flag is set in (only) fd_head to denote that datalen has been set to a valid value.
65 * It's implied by FD_DEFRAGMENTED (we must know the total length of the
66 * datagram if we have defragmented it...)
68 #define FD_DATALEN_SET 0x0400
70 typedef struct _fragment_data {
71 struct _fragment_data *next;
75 guint32 datalen; /* Only valid in first item of list and when
76 * flags&FD_DATALEN_SET is set;
77 * number of bytes or (if flags&FD_BLOCKSEQUENCE set)
78 * segments in the datagram */
79 guint32 reassembled_in; /* frame where this PDU was reassembled,
80 only valid in the first item of the list
81 and when FD_DEFRAGMENTED is set*/
88 * Flags for fragment_add_seq_*
91 /* we don't have any sequence numbers - fragments are assumed to appear in
93 #define REASSEMBLE_FLAGS_NO_FRAG_NUMBER 0x0001
95 /* a special fudge for the 802.11 dissector */
96 #define REASSEMBLE_FLAGS_802_11_HACK 0x0002
98 /* causes fragment_add_seq_key to check that all the fragment data is present
99 * in the tvb, and if not, do something a bit odd. */
100 #define REASSEMBLE_FLAGS_CHECK_DATA_PRESENT 0x0004
102 /* a function for copying hash keys */
103 typedef void *(*fragment_key_copier)(const void *key);
106 * Initialize a fragment table.
108 extern void fragment_table_init(GHashTable **fragment_table);
109 extern void dcerpc_fragment_table_init(GHashTable **fragment_table);
112 * Initialize a reassembled-packet table.
114 extern void reassembled_table_init(GHashTable **reassembled_table);
117 * This function adds a new fragment to the fragment hash table.
118 * If this is the first fragment seen for this datagram, a new entry
119 * is created in the hash table, otherwise this fragment is just added
120 * to the linked list of fragments for this packet.
121 * The list of fragments for a specific datagram is kept sorted for
124 * Returns a pointer to the head of the fragment data list if we have all the
125 * fragments, NULL otherwise.
127 extern fragment_data *fragment_add(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
128 const guint32 id, GHashTable *fragment_table, const guint32 frag_offset,
129 guint32 const frag_data_len, const gboolean more_frags);
130 extern fragment_data *fragment_add_multiple_ok(tvbuff_t *tvb, const int offset,
131 const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
132 const guint32 frag_offset, const guint32 frag_data_len, const gboolean more_frags);
135 * This routine extends fragment_add to use a "reassembled_table".
137 * If, after processing this fragment, we have all the fragments, they
138 * remove that from the fragment hash table if necessary and add it
139 * to the table of reassembled fragments, and return a pointer to the
140 * head of the fragment list.
142 extern fragment_data *fragment_add_check(tvbuff_t *tvb, const int offset,
143 const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
144 GHashTable *reassembled_table, const guint32 frag_offset,
145 const guint32 frag_data_len, const gboolean more_frags);
147 /* same as fragment_add() but this one assumes frag_number is a block
148 sequence number. note that frag_number is 0 for the first fragment. */
151 * These functions add a new fragment to the fragment hash table,
152 * assuming that frag_number is a block sequence number (starting from zero for
153 * the first fragment of each datagram).
155 * If this is the first fragment seen for this datagram, a new
156 * "fragment_data" structure is allocated to refer to the reassembled
159 * if "more_frags" is false, and either we have no sequence numbers, or
160 * are using the 802.11 hack, it is assumed that this is the only fragment
161 * in the datagram. The structure is not added to the hash
162 * table, and not given any fragments to refer to, but is just returned.
164 * In this latter case reassembly wasn't done (since there was only one
165 * fragment in the packet); dissectors can check the 'next' pointer on the
166 * returned list to see if this case was hit or not.
168 * Otherwise, this fragment is just added to the linked list of fragments
169 * for this packet; the fragment_data is also added to the fragment hash if
172 * If this packet completes assembly, these functions return the head of the
173 * fragment data; otherwise, they return null.
176 /* "key" should be an arbitrary key used for indexing the fragment hash;
177 * "key_copier" is called to copy the key to a more appropriate store before
178 * inserting a new entry to the hash.
180 extern fragment_data *
181 fragment_add_seq_key(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
182 void *key, fragment_key_copier key_copier,
183 GHashTable *fragment_table, guint32 frag_number,
184 const guint32 frag_data_len, const gboolean more_frags,
185 const guint32 flags);
187 /* a wrapper for fragment_add_seq_key - uses a key of source, dest and id */
188 extern fragment_data *fragment_add_seq(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
189 const guint32 id, GHashTable *fragment_table, const guint32 frag_number,
190 const guint32 frag_data_len, const gboolean more_frags);
192 /* another wrapper for fragment_add_seq_key - uses a key of source, dest, id
194 extern fragment_data *
195 fragment_add_dcerpc_dg(tvbuff_t *tvb, const int offset, const packet_info *pinfo, const guint32 id,
197 GHashTable *fragment_table, const guint32 frag_number,
198 const guint32 frag_data_len, const gboolean more_frags);
201 * These routines extend fragment_add_seq_key to use a "reassembled_table".
203 * If, after processing this fragment, we have all the fragments, they
204 * remove that from the fragment hash table if necessary and add it
205 * to the table of reassembled fragments, and return a pointer to the
206 * head of the fragment list.
208 extern fragment_data *
209 fragment_add_seq_check(tvbuff_t *tvb, const int offset,
210 const packet_info *pinfo, const guint32 id,
211 GHashTable *fragment_table,
212 GHashTable *reassembled_table, const guint32 frag_number,
213 const guint32 frag_data_len, const gboolean more_frags);
215 extern fragment_data *
216 fragment_add_seq_802_11(tvbuff_t *tvb, const int offset,
217 const packet_info *pinfo, const guint32 id,
218 GHashTable *fragment_table,
219 GHashTable *reassembled_table,
220 const guint32 frag_number, const guint32 frag_data_len,
221 const gboolean more_frags);
223 extern fragment_data *
224 fragment_add_seq_next(tvbuff_t *tvb, const int offset, const packet_info *pinfo,
225 const guint32 id, GHashTable *fragment_table,
226 GHashTable *reassembled_table,
227 const guint32 frag_data_len, const gboolean more_frags);
230 fragment_start_seq_check(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
231 const guint32 tot_len);
233 extern fragment_data *
234 fragment_end_seq_next(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
235 GHashTable *reassembled_table);
236 /* to specify how much to reassemble, for fragmentation where last fragment can not be
237 * identified by flags or such.
238 * note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment.
239 * i.e. since the block numbers start at 0, if we specify tot_len==2, that
240 * actually means we want to defragment 3 blocks, block 0, 1 and 2.
244 fragment_set_tot_len(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table,
245 const guint32 tot_len);
247 /* to resad whatever totlen previously set */
249 fragment_get_tot_len(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
252 * This function will set the partial reassembly flag(FD_PARTIAL_REASSEMBLY) for a fh.
253 * When this function is called, the fh MUST already exist, i.e.
254 * the fh MUST be created by the initial call to fragment_add() before
255 * this function is called. Also note that this function MUST be called to indicate
256 * a fh will be extended (increase the already stored data). After calling this function,
257 * and if FD_DEFRAGMENTED is set, the reassembly process will be continued.
260 fragment_set_partial_reassembly(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
262 /* This function is used to check if there is partial or completed reassembly state
263 * matching this packet. I.e. Are there reassembly going on or not for this packet?
265 extern fragment_data *
266 fragment_get(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
268 /* The same for the reassemble table */
269 /* id *must* be the frame number for this to work! */
270 extern fragment_data *
271 fragment_get_reassembled(const guint32 id, GHashTable *reassembled_table);
273 extern fragment_data *
274 fragment_get_reassembled_id(const packet_info *pinfo, const guint32 id, GHashTable *reassembled_table);
276 /* This will free up all resources and delete reassembly state for this PDU.
277 * Except if the PDU is completely reassembled, then it would NOT deallocate the
278 * buffer holding the reassembled data but instead return the pointer to that
281 * So, if you call fragment_delete and it returns non-NULL, YOU are responsible to
282 * g_free() that buffer.
284 extern unsigned char *
285 fragment_delete(const packet_info *pinfo, const guint32 id, GHashTable *fragment_table);
287 /* hf_fragment, hf_fragment_error, and hf_reassembled_in should be
288 FT_FRAMENUM, the others should be FT_BOOLEAN
290 typedef struct _fragment_items {
296 int *hf_fragment_overlap;
297 int *hf_fragment_overlap_conflict;
298 int *hf_fragment_multiple_tails;
299 int *hf_fragment_too_long_fragment;
300 int *hf_fragment_error;
301 int *hf_fragment_count;
302 int *hf_reassembled_in;
303 int *hf_reassembled_length;
309 process_reassembled_data(tvbuff_t *tvb, const int offset, packet_info *pinfo,
310 const char *name, fragment_data *fd_head, const fragment_items *fit,
311 gboolean *update_col_infop, proto_tree *tree);
314 show_fragment_tree(fragment_data *ipfd_head, const fragment_items *fit,
315 proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
318 show_fragment_seq_tree(fragment_data *ipfd_head, const fragment_items *fit,
319 proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);