dcerpc-netlogon: improve NetrLogonGetCapabilities dissection
[wireshark-sm.git] / epan / reassemble.h
blob6c53c17b4f22cf959563d5b154266e1d0fb90e2a
1 /** @file
2 * Declarations of routines for {fragment,segment} reassembly
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
11 /* make sure that all flags that are set in a fragment entry is also set for
12 * the flags field of fd_head !!!
15 #ifndef REASSEMBLE_H
16 #define REASSEMBLE_H
18 #include "ws_symbol_export.h"
20 /* only in fd_head: packet is defragmented */
21 #define FD_DEFRAGMENTED 0x0001
23 /* there are overlapping fragments */
24 #define FD_OVERLAP 0x0002
26 /* overlapping fragments contain different data */
27 #define FD_OVERLAPCONFLICT 0x0004
29 /* more than one fragment which indicates end-of data */
30 #define FD_MULTIPLETAILS 0x0008
32 /* fragment starts before the end of the datagram but extends
33 past the end of the datagram */
34 #define FD_TOOLONGFRAGMENT 0x0010
36 /* fragment tvb is subset, don't tvb_free() it */
37 #define FD_SUBSET_TVB 0x0020
39 /* this flag is used to request fragment_add to continue the reassembly process */
40 #define FD_PARTIAL_REASSEMBLY 0x0040
42 /* fragment offset is indicated by sequence number and not byte offset
43 into the defragmented packet */
44 #define FD_BLOCKSEQUENCE 0x0100
46 /* This flag is set in (only) fd_head to denote that datalen has been set to a valid value.
47 * It's implied by FD_DEFRAGMENTED (we must know the total length of the
48 * datagram if we have defragmented it...)
50 #define FD_DATALEN_SET 0x0400
52 typedef struct _fragment_item {
53 struct _fragment_item *next;
54 uint32_t frame; /**< frame number where the fragment is from */
55 uint32_t offset; /**< fragment number for FD_BLOCKSEQUENCE, byte
56 * offset otherwise */
57 uint32_t len; /**< fragment length */
58 uint32_t flags; /**< XXX - do some of these apply only to reassembly
59 * heads and others only to fragments within
60 * a reassembly? */
61 tvbuff_t *tvb_data;
62 } fragment_item;
64 typedef struct _fragment_head {
65 struct _fragment_item *next;
66 struct _fragment_item *first_gap; /**< pointer to last fragment before first gap.
67 * NULL if there is no fragment starting at offset 0 */
68 unsigned ref_count; /**< reference count in reassembled_table */
69 uint32_t contiguous_len; /**< contiguous length from head up to first gap */
70 uint32_t frame; /**< maximum of all frame numbers added to reassembly */
71 uint32_t len; /**< When flags&FD_BLOCKSEQUENCE and FD_DEFRAGMENTED
72 * are set, the number of bytes of the full datagram.
73 * Otherwise not valid. */
74 uint32_t fragment_nr_offset; /**< offset for frame numbering, for sequences, where the
75 * provided fragment number of the first fragment does
76 * not start with 0 */
77 uint32_t datalen; /**< When flags&FD_BLOCKSEQUENCE is set, the
78 * index of the last block (segments in
79 * datagram + 1); otherwise the number of
80 * bytes of the full datagram. Only valid in
81 * the first item of the fragments list when
82 * flags&FD_DATALEN is set.*/
83 uint32_t reassembled_in; /**< frame where this PDU was reassembled,
84 * only valid when FD_DEFRAGMENTED is set */
85 uint8_t reas_in_layer_num; /**< The current "depth" or layer number in the current
86 * frame where reassembly was completed.
87 * Example: in SCTP there can be several data chunks and
88 * we want the reassembled tvb for the final segment only. */
89 uint32_t flags; /**< XXX - do some of these apply only to reassembly
90 * heads and others only to fragments within
91 * a reassembly? */
92 tvbuff_t *tvb_data;
93 /**
94 * Null if the reassembly had no error; non-null if it had
95 * an error, in which case it's the string for the error.
97 const char *error;
98 } fragment_head;
101 * Flags for fragment_add_seq_*
104 /* we don't have any sequence numbers - fragments are assumed to appear in
105 * order */
106 #define REASSEMBLE_FLAGS_NO_FRAG_NUMBER 0x0001
108 /* a special fudge for the 802.11 dissector */
109 #define REASSEMBLE_FLAGS_802_11_HACK 0x0002
112 * Flags for fragment_add_seq_single_*
115 /* we want to age off old packets */
116 #define REASSEMBLE_FLAGS_AGING 0x0001
119 * Generates a fragment identifier based on the given parameters. "data" is an
120 * opaque type whose interpretation is up to the caller of fragment_add*
121 * functions and the fragment key function (possibly NULL if you do not care).
123 * Keys returned by this function are only used within this packet scope.
125 typedef void * (*fragment_temporary_key)(const packet_info *pinfo,
126 const uint32_t id, const void *data);
129 * Like fragment_temporary_key, but used for identifying reassembled fragments
130 * which may persist through multiple packets.
132 typedef void * (*fragment_persistent_key)(const packet_info *pinfo,
133 const uint32_t id, const void *data);
136 * Data structure to keep track of fragments and reassemblies.
138 typedef struct {
139 GHashTable *fragment_table;
140 GHashTable *reassembled_table;
141 fragment_temporary_key temporary_key_func;
142 fragment_persistent_key persistent_key_func;
143 GDestroyNotify free_temporary_key_func; /* temporary key destruction function */
144 } reassembly_table;
147 * Table of functions for a reassembly table.
149 typedef struct {
150 /* Functions for fragment table */
151 GHashFunc hash_func; /* hash function */
152 GEqualFunc equal_func; /* comparison function */
153 fragment_temporary_key temporary_key_func; /* temporary key creation function */
154 fragment_persistent_key persistent_key_func; /* persistent key creation function */
155 GDestroyNotify free_temporary_key_func; /* temporary key destruction function */
156 GDestroyNotify free_persistent_key_func; /* persistent key destruction function */
157 } reassembly_table_functions;
160 * Tables of functions exported for the benefit of dissectors that
161 * don't need special items in their keys.
163 WS_DLL_PUBLIC const reassembly_table_functions
164 addresses_reassembly_table_functions; /* keys have endpoint addresses and an ID */
165 WS_DLL_PUBLIC const reassembly_table_functions
166 addresses_ports_reassembly_table_functions; /* keys have endpoint addresses and ports and an ID */
169 * Register a reassembly table. By registering the table with epan, the creation and
170 * destruction of the table can be managed by epan and not the dissector.
172 WS_DLL_PUBLIC void
173 reassembly_table_register(reassembly_table *table,
174 const reassembly_table_functions *funcs);
177 * Initialize/destroy a reassembly table.
179 * init: If table doesn't exist: create table;
180 * else: just remove any entries;
181 * destroy: remove entries and destroy table;
183 WS_DLL_PUBLIC void
184 reassembly_table_init(reassembly_table *table,
185 const reassembly_table_functions *funcs);
186 WS_DLL_PUBLIC void
187 reassembly_table_destroy(reassembly_table *table);
190 * This function adds a new fragment to the reassembly table
191 * If this is the first fragment seen for this datagram, a new entry
192 * is created in the table, otherwise this fragment is just added
193 * to the linked list of fragments for this packet.
194 * The list of fragments for a specific datagram is kept sorted for
195 * easier handling.
197 * Datagrams (messages) are identified by a key generated by
198 * fragment_temporary_key or fragment_persistent_key, based on the "pinfo", "id"
199 * and "data" pairs. (This is the sole purpose of "data".)
201 * Fragments are identified by "frag_offset".
203 * Returns a pointer to the head of the fragment data list if we have all the
204 * fragments, NULL otherwise. Note that the reassembled fragments list may have
205 * a non-zero fragment offset, the only guarantee is that no gaps exist within
206 * the list.
208 * @note Reused keys are assumed to refer to the same reassembled message
209 * (i.e., retransmission). If the same "id" is used more than once on a
210 * connection, then "data" and custom reassembly_table_functions should be
211 * used so that the keys hash differently.
213 WS_DLL_PUBLIC fragment_head *
214 fragment_add(reassembly_table *table, tvbuff_t *tvb, const int offset,
215 const packet_info *pinfo, const uint32_t id, const void *data,
216 const uint32_t frag_offset, const uint32_t frag_data_len,
217 const bool more_frags);
219 * Like fragment_add, except that the fragment may be added to multiple
220 * reassembly tables. This is needed when multiple protocol layers try
221 * to add the same packet to the reassembly table.
223 WS_DLL_PUBLIC fragment_head *
224 fragment_add_multiple_ok(reassembly_table *table, tvbuff_t *tvb,
225 const int offset, const packet_info *pinfo,
226 const uint32_t id, const void *data,
227 const uint32_t frag_offset,
228 const uint32_t frag_data_len,
229 const bool more_frags);
232 * Like fragment_add, except that the fragment may originate from a frame
233 * other than pinfo->num. For use when you are adding an out of order segment
234 * that arrived in an earlier frame, so that show_fragment_tree will display
235 * the correct fragment numbers.
237 * This is for protocols like TCP, where the correct reassembly to add a
238 * segment to cannot be determined without processing previous segments
239 * in sequence order, including handing them to subdissectors.
241 * Note that pinfo is still used to set reassembled_in if we have all the
242 * fragments, so that results on subsequent passes can be the same as the
243 * first pass.
245 WS_DLL_PUBLIC fragment_head *
246 fragment_add_out_of_order(reassembly_table *table, tvbuff_t *tvb,
247 const int offset, const packet_info *pinfo,
248 const uint32_t id, const void *data,
249 const uint32_t frag_offset,
250 const uint32_t frag_data_len,
251 const bool more_frags, const uint32_t frag_frame);
253 * Like fragment_add, but maintains a table for completed reassemblies.
255 * If the packet was seen before, return the head of the fully reassembled
256 * fragments list (NULL if there was none).
258 * Otherwise (if reassembly was not possible before), try to add the new
259 * fragment to the fragments table. If reassembly is now possible, remove all
260 * (reassembled) fragments from the fragments table and store it as a completed
261 * reassembly. The head of this reassembled fragments list is returned.
263 * Otherwise (if reassembly is still not possible after adding this fragment),
264 * return NULL.
266 * @note Completed reassemblies are removed from the in-progress table, so
267 * key can be reused to begin a new reassembled message. Conversely,
268 * dissectors SHOULD NOT call this with a retransmitted fragment of a
269 * completed reassembly. Dissectors atop a reliable protocol like TCP
270 * may assume that the lower layer dissector handles retransmission,
271 * but other dissectors (e.g., atop UDP or Ethernet) will have to handle
272 * that situation themselves.
274 WS_DLL_PUBLIC fragment_head *
275 fragment_add_check(reassembly_table *table, tvbuff_t *tvb, const int offset,
276 const packet_info *pinfo, const uint32_t id,
277 const void *data, const uint32_t frag_offset,
278 const uint32_t frag_data_len, const bool more_frags);
281 * Like fragment_add_check, but handles retransmissions after reassembly.
283 * Start new reassembly only if there is no reassembly in progress and there
284 * is no completed reassembly reachable from fallback_frame. If there is
285 * completed reassembly (reachable from fallback_frame), simply links this
286 * packet into the list, updating the flags if necessary (however actual data
287 * and reassembled in frame won't be modified).
289 WS_DLL_PUBLIC fragment_head *
290 fragment_add_check_with_fallback(reassembly_table *table, tvbuff_t *tvb, const int offset,
291 const packet_info *pinfo, const uint32_t id,
292 const void *data, const uint32_t frag_offset,
293 const uint32_t frag_data_len, const bool more_frags,
294 const uint32_t fallback_frame);
297 * Like fragment_add, but fragments have a block sequence number starting from
298 * zero (for the first fragment of each datagram). This differs from
299 * fragment_add for which the fragment may start at any offset.
301 * If this is the first fragment seen for this datagram, a new
302 * "fragment_head" structure is allocated to refer to the reassembled
303 * packet, and:
305 * if "more_frags" is false, and either we have no sequence numbers, or
306 * are using the 802.11 hack (via fragment_add_seq_802_11), it is assumed that
307 * this is the only fragment in the datagram. The structure is not added to the
308 * hash table, and not given any fragments to refer to, but is just returned.
310 * In this latter case reassembly wasn't done (since there was only one
311 * fragment in the packet); dissectors can check the 'next' pointer on the
312 * returned list to see if this case was hit or not.
314 * Otherwise, this fragment is just added to the linked list of fragments
315 * for this packet; the fragment_item is also added to the fragment hash if
316 * necessary.
318 * If this packet completes assembly, these functions return the head of the
319 * fragment data; otherwise, they return null.
321 * @note Reused keys are assumed to refer to the same reassembled message
322 * (i.e., retransmission). If the same "id" is used more than once on a
323 * connection, then "data" and custom reassembly_table_functions should be
324 * used so that the keys hash differently.
326 WS_DLL_PUBLIC fragment_head *
327 fragment_add_seq(reassembly_table *table, tvbuff_t *tvb, const int offset,
328 const packet_info *pinfo, const uint32_t id, const void *data,
329 const uint32_t frag_number, const uint32_t frag_data_len,
330 const bool more_frags, const uint32_t flags);
333 * Like fragment_add_seq, but maintains a table for completed reassemblies
334 * just like fragment_add_check.
336 * @note Completed reassemblies are removed from the in-progress table, so
337 * key can be reused to begin a new reassembled message. Conversely,
338 * dissectors SHOULD NOT call this with a retransmitted fragment of a
339 * completed reassembly. Dissectors atop a reliable protocol like TCP
340 * may assume that the lower layer dissector handles retransmission,
341 * but other dissectors (e.g., atop UDP or Ethernet) will have to handle
342 * that situation themselves.
344 WS_DLL_PUBLIC fragment_head *
345 fragment_add_seq_check(reassembly_table *table, tvbuff_t *tvb, const int offset,
346 const packet_info *pinfo, const uint32_t id,
347 const void *data,
348 const uint32_t frag_number, const uint32_t frag_data_len,
349 const bool more_frags);
352 * Like fragment_add_seq_check, but immediately returns a fragment list for a
353 * new fragment. This is a workaround specific for the 802.11 dissector, do not
354 * use it elsewhere.
356 WS_DLL_PUBLIC fragment_head *
357 fragment_add_seq_802_11(reassembly_table *table, tvbuff_t *tvb,
358 const int offset, const packet_info *pinfo,
359 const uint32_t id, const void *data,
360 const uint32_t frag_number, const uint32_t frag_data_len,
361 const bool more_frags);
364 * Like fragment_add_seq_check, but without explicit fragment number. Fragments
365 * are simply appended until no "more_frags" is false.
367 * @note Out of order fragments will not be reassembled correctly.
368 * Dissectors atop a reliable protocol like TCP may rely on the lower
369 * level dissector reordering out or order segments (if the appropriate
370 * out of order reassembly preference is enabled), but other dissectors
371 * will have to handle out of order fragments themselves, if possible.
373 WS_DLL_PUBLIC fragment_head *
374 fragment_add_seq_next(reassembly_table *table, tvbuff_t *tvb, const int offset,
375 const packet_info *pinfo, const uint32_t id,
376 const void *data, const uint32_t frag_data_len,
377 const bool more_frags);
380 * Like fragment_add_seq_check, but for protocols like PPP MP with a single
381 * sequence number that increments for each fragment, thus acting like the sum
382 * of the PDU sequence number and explicit fragment number in other protocols.
383 * See Appendix A of RFC 4623 (PWE3 Fragmentation and Reassembly) for a list
384 * of protocols that use this style, including PPP MP (RFC 1990), PWE3 MPLS
385 * (RFC 4385), L2TPv2 (RFC 2661), L2TPv3 (RFC 3931), ATM, and Frame Relay.
386 * It is guaranteed to reassemble a packet split up to "max_frags" in size,
387 * but may manage to reassemble more in certain cases.
389 WS_DLL_PUBLIC fragment_head *
390 fragment_add_seq_single(reassembly_table *table, tvbuff_t *tvb,
391 const int offset, const packet_info *pinfo, const uint32_t id,
392 const void* data, const uint32_t frag_data_len,
393 const bool first, const bool last,
394 const uint32_t max_frags);
397 * A variation on the above that ages off fragments that have not been
398 * reassembled. Useful if the sequence number loops to deal with leftover
399 * fragments from the beginning of the capture or missing fragments.
401 WS_DLL_PUBLIC fragment_head *
402 fragment_add_seq_single_aging(reassembly_table *table, tvbuff_t *tvb,
403 const int offset, const packet_info *pinfo, const uint32_t id,
404 const void* data, const uint32_t frag_data_len,
405 const bool first, const bool last,
406 const uint32_t max_frags, const uint32_t max_age);
409 * Start a reassembly, expecting "tot_len" as the number of given fragments (not
410 * the number of bytes). Data can be added later using fragment_add_seq_check.
412 WS_DLL_PUBLIC void
413 fragment_start_seq_check(reassembly_table *table, const packet_info *pinfo,
414 const uint32_t id, const void *data,
415 const uint32_t tot_len);
418 * Mark end of reassembly and returns the reassembled fragment (if completed).
419 * Use it when fragments were added with "more_flags" set while you discovered
420 * that no more fragments have to be added.
421 * This is for fragments added with add_seq_next; it doesn't check for gaps,
422 * and doesn't set datalen correctly for the fragment_add family.
424 WS_DLL_PUBLIC fragment_head *
425 fragment_end_seq_next(reassembly_table *table, const packet_info *pinfo,
426 const uint32_t id, const void *data);
428 /* To specify the offset for the fragment numbering, the first fragment is added with 0, and
429 * afterwards this offset is set. All additional calls to off_seq_check will calculate
430 * the number in sequence in regards to the offset */
431 WS_DLL_PUBLIC void
432 fragment_add_seq_offset(reassembly_table *table, const packet_info *pinfo, const uint32_t id,
433 const void *data, const uint32_t fragment_offset);
436 * Sets the expected index for the last block (for fragment_add_seq functions)
437 * or the expected number of bytes (for fragment_add functions). A reassembly
438 * must already have started.
440 * Note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment.
441 * i.e. since the block numbers start at 0, if we specify tot_len==2, that
442 * actually means we want to defragment 3 blocks, block 0, 1 and 2.
444 WS_DLL_PUBLIC void
445 fragment_set_tot_len(reassembly_table *table, const packet_info *pinfo,
446 const uint32_t id, const void *data, const uint32_t tot_len);
449 * Similar to fragment_set_tot_len, it sets the expected number of bytes (for
450 * fragment_add functions) for a previously started reassembly. If the specified
451 * length already matches the reassembled length, then nothing will be done.
453 * If the fragments were previously reassembled, then this state will be
454 * cleared, allowing new fragments to extend the reassembled result again.
456 void
457 fragment_reset_tot_len(reassembly_table *table, const packet_info *pinfo,
458 const uint32_t id, const void *data, const uint32_t tot_len);
461 * Truncates the size of an already defragmented reassembly to tot_len,
462 * discarding past that point, including splitting any fragments in the
463 * middle as necessary. The specified length must be less than or equal
464 * to the reassembled length. (If it already matches the reassembled length,
465 * then nothing will be done.)
467 * Used for continuous streams like TCP, where the length of a segment cannot
468 * be determined without first reassembling and handing to a subdissector.
470 void
471 fragment_truncate(reassembly_table *table, const packet_info *pinfo,
472 const uint32_t id, const void *data, const uint32_t tot_len);
475 * Return the expected index for the last block (for fragment_add_seq functions)
476 * or the expected number of bytes (for fragment_add functions).
478 WS_DLL_PUBLIC uint32_t
479 fragment_get_tot_len(reassembly_table *table, const packet_info *pinfo,
480 const uint32_t id, const void *data);
483 * This function will set the partial reassembly flag(FD_PARTIAL_REASSEMBLY) for a fh.
484 * When this function is called, the fh MUST already exist, i.e.
485 * the fh MUST be created by the initial call to fragment_add() before
486 * this function is called. Also note that this function MUST be called to indicate
487 * a fh will be extended (increase the already stored data). After calling this function,
488 * and if FD_DEFRAGMENTED is set, the reassembly process will be continued.
490 WS_DLL_PUBLIC void
491 fragment_set_partial_reassembly(reassembly_table *table,
492 const packet_info *pinfo, const uint32_t id,
493 const void *data);
495 /* This function is used to check if there is partial or completed reassembly state
496 * matching this packet. I.e. Are there reassembly going on or not for this packet?
498 WS_DLL_PUBLIC fragment_head *
499 fragment_get(reassembly_table *table, const packet_info *pinfo,
500 const uint32_t id, const void *data);
502 /* The same for the reassemble table */
503 WS_DLL_PUBLIC fragment_head *
504 fragment_get_reassembled_id(reassembly_table *table, const packet_info *pinfo,
505 const uint32_t id);
507 /* This will free up all resources and delete reassembly state for this PDU.
508 * Except if the PDU is completely reassembled, then it would NOT deallocate the
509 * buffer holding the reassembled data but instead return the TVB
511 * So, if you call fragment_delete and it returns non-NULL, YOU are responsible to
512 * tvb_free() .
514 WS_DLL_PUBLIC tvbuff_t *
515 fragment_delete(reassembly_table *table, const packet_info *pinfo,
516 const uint32_t id, const void *data);
518 /* This struct holds references to all the tree and field handles used when
519 * displaying the reassembled fragment tree in the packet details view. A
520 * dissector will populate this structure with its own tree and field handles
521 * and then invoke show_fragment_tree to have those items added to the packet
522 * details tree.
524 typedef struct _fragment_items {
525 int *ett_fragment;
526 int *ett_fragments;
528 int *hf_fragments; /* FT_NONE */
529 int *hf_fragment; /* FT_FRAMENUM */
530 int *hf_fragment_overlap; /* FT_BOOLEAN */
531 int *hf_fragment_overlap_conflict; /* FT_BOOLEAN */
532 int *hf_fragment_multiple_tails; /* FT_BOOLEAN */
533 int *hf_fragment_too_long_fragment; /* FT_BOOLEAN */
534 int *hf_fragment_error; /* FT_FRAMENUM */
535 int *hf_fragment_count; /* FT_UINT32 */
536 int *hf_reassembled_in; /* FT_FRAMENUM */
537 int *hf_reassembled_length; /* FT_UINT32 */
538 int *hf_reassembled_data; /* FT_BYTES */
540 const char *tag;
541 } fragment_items;
543 WS_DLL_PUBLIC tvbuff_t *
544 process_reassembled_data(tvbuff_t *tvb, const int offset, packet_info *pinfo,
545 const char *name, fragment_head *fd_head, const fragment_items *fit,
546 bool *update_col_infop, proto_tree *tree);
548 WS_DLL_PUBLIC bool
549 show_fragment_tree(fragment_head *ipfd_head, const fragment_items *fit,
550 proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
552 WS_DLL_PUBLIC bool
553 show_fragment_seq_tree(fragment_head *ipfd_head, const fragment_items *fit,
554 proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi);
556 /* Initialize internal structures
558 extern void reassembly_tables_init(void);
560 /* Cleanup internal structures
562 extern void
563 reassembly_table_cleanup(void);
565 /* ===================== Streaming data reassembly helper ===================== */
567 * Macro to help to define ett or hf items variables for reassembly (especially for streaming reassembly).
568 * The statement:
570 * REASSEMBLE_ITEMS_DEFINE(foo_body, "Foo Body"); // in global scope
572 * will create global variables:
574 * static int ett_foo_body_fragment;
575 * static int ett_foo_body_fragments;
576 * static int hf_foo_body_fragment;
577 * static int hf_foo_body_fragments;
578 * static int hf_foo_body_fragment_overlap;
579 * ...
580 * static int hf_foo_body_segment;
582 * static const fragment_items foo_body_fragment_items = {
583 * &ett_foo_body_fragment,
584 * &ett_foo_body_fragments,
585 * &hf_foo_body_fragments,
586 * &hf_foo_body_fragment,
587 * &hf_foo_body_fragment_overlap,
588 * ...
589 * "Foo Body fragments"
590 * };
592 #define REASSEMBLE_ITEMS_DEFINE(var_prefix, name_prefix) \
593 static int ett_##var_prefix##_fragment; \
594 static int ett_##var_prefix##_fragments; \
595 static int hf_##var_prefix##_fragments; \
596 static int hf_##var_prefix##_fragment; \
597 static int hf_##var_prefix##_fragment_overlap; \
598 static int hf_##var_prefix##_fragment_overlap_conflicts; \
599 static int hf_##var_prefix##_fragment_multiple_tails; \
600 static int hf_##var_prefix##_fragment_too_long_fragment; \
601 static int hf_##var_prefix##_fragment_error; \
602 static int hf_##var_prefix##_fragment_count; \
603 static int hf_##var_prefix##_reassembled_in; \
604 static int hf_##var_prefix##_reassembled_length; \
605 static int hf_##var_prefix##_reassembled_data; \
606 static int hf_##var_prefix##_segment; \
607 static const fragment_items var_prefix##_fragment_items = { \
608 &ett_##var_prefix##_fragment, \
609 &ett_##var_prefix##_fragments, \
610 &hf_##var_prefix##_fragments, \
611 &hf_##var_prefix##_fragment, \
612 &hf_##var_prefix##_fragment_overlap, \
613 &hf_##var_prefix##_fragment_overlap_conflicts, \
614 &hf_##var_prefix##_fragment_multiple_tails, \
615 &hf_##var_prefix##_fragment_too_long_fragment, \
616 &hf_##var_prefix##_fragment_error, \
617 &hf_##var_prefix##_fragment_count, \
618 &hf_##var_prefix##_reassembled_in, \
619 &hf_##var_prefix##_reassembled_length, \
620 &hf_##var_prefix##_reassembled_data, \
621 name_prefix " fragments" \
625 * Macro to help to initialize hf (head field) items for reassembly.
626 * The statement:
628 * void proto_register_foo(void) {
629 * static hf_register_info hf[] = {
630 * ...
631 * { &hf_proto_foo_payload,
632 * { "Payload", "foo.payload",
633 * FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
634 * },
636 * // Add fragments items
637 * REASSEMBLE_INIT_HF_ITEMS(foo_body, "Foo Body", "foo.body"),
638 * ...
639 * };
640 * ...
643 * will expand like:
645 * void proto_register_foo(void) {
646 * static hf_register_info hf[] = {
647 * ...
648 * { &hf_proto_foo_payload,
649 * { "Payload", "foo.payload",
650 * FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }
651 * },
653 * // Add fragments items
654 * { &hf_foo_body_fragments, \
655 * { "Reassembled Foo Body fragments", "foo.body.fragments", \
656 * FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } \
657 * },
658 * { &hf_foo_body_fragment, \
659 * { "Foo Body fragment", "foo.body.fragment", \
660 * FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
661 * },
662 * { &hf_foo_body_fragment_overlap, \
663 * { "Foo Body fragment overlap", "foo.body.fragment.overlap", \
664 * FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
665 * },
666 * ...
667 * };
668 * ...
671 #define REASSEMBLE_INIT_HF_ITEMS(var_prefix, name_prefix, abbrev_prefix) \
672 { &hf_##var_prefix##_fragments, \
673 { "Reassembled " name_prefix " fragments", abbrev_prefix ".fragments", \
674 FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } \
675 }, \
676 { &hf_##var_prefix##_fragment, \
677 { name_prefix " fragment", abbrev_prefix ".fragment", \
678 FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
679 }, \
680 { &hf_##var_prefix##_fragment_overlap, \
681 { name_prefix " fragment overlap", abbrev_prefix ".fragment.overlap", \
682 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
683 }, \
684 { &hf_##var_prefix##_fragment_overlap_conflicts, \
685 { name_prefix " fragment overlapping with conflicting data", abbrev_prefix ".fragment.overlap.conflicts", \
686 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
687 }, \
688 { &hf_##var_prefix##_fragment_multiple_tails, \
689 { name_prefix " has multiple tail fragments", abbrev_prefix ".fragment.multiple_tails", \
690 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
691 }, \
692 { &hf_##var_prefix##_fragment_too_long_fragment, \
693 { name_prefix " fragment too long", abbrev_prefix ".fragment.too_long_fragment", \
694 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \
695 }, \
696 { &hf_##var_prefix##_fragment_error, \
697 { name_prefix " defragment error", abbrev_prefix ".fragment.error", \
698 FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
699 }, \
700 { &hf_##var_prefix##_fragment_count, \
701 { name_prefix " fragment count", abbrev_prefix ".fragment.count", \
702 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } \
703 }, \
704 { &hf_##var_prefix##_reassembled_in, \
705 { "Reassembled in", abbrev_prefix ".reassembled.in", \
706 FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \
707 }, \
708 { &hf_##var_prefix##_reassembled_length, \
709 { "Reassembled length", abbrev_prefix ".reassembled.length", \
710 FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } \
711 }, \
712 { &hf_##var_prefix##_reassembled_data, \
713 { "Reassembled data", abbrev_prefix ".reassembled.data", \
714 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } \
715 }, \
716 { &hf_##var_prefix##_segment, \
717 { name_prefix " segment", abbrev_prefix ".segment", \
718 FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL} \
722 * Macro to help to initialize protocol subtree (ett) items for reassembly.
723 * The statement:
725 * void proto_register_foo(void) {
726 * ...
727 * static int* ett[] = {
728 * &ett_foo_abc,
729 * ...
730 * // Add ett items
731 * REASSEMBLE_INIT_ETT_ITEMS(foo_body),
732 * ...
733 * };
734 * ...
737 * will expand like:
739 * void proto_register_foo(void) {
740 * ...
741 * static int* ett[] = {
742 * &ett_foo_abc,
743 * ...
744 * // Add ett items
745 * &ett_foo_body_fragment,
746 * &ett_foo_body_fragments,
747 * ...
748 * };
749 * ...
752 #define REASSEMBLE_INIT_ETT_ITEMS(var_prefix) \
753 &ett_##var_prefix##_fragment, \
754 &ett_##var_prefix##_fragments
756 /** a private structure for keeping streaming reassembly information */
757 typedef struct streaming_reassembly_info_t streaming_reassembly_info_t;
760 * Allocate a streaming reassembly information in wmem_file_scope.
762 WS_DLL_PUBLIC streaming_reassembly_info_t*
763 streaming_reassembly_info_new(void);
766 * This function provides a simple way to reassemble the streaming data of a higher level
767 * protocol that is not on top of TCP but on another protocol which might be on top of TCP.
769 * For example, suppose there are two streaming protocols ProtoA and ProtoB. ProtoA is a protocol on top
770 * of TCP. ProtoB is a protocol on top of ProtoA.
772 * ProtoA dissector should use tcp_dissect_pdus() or pinfo->can_desegment/desegment_offset/desegment_len
773 * to reassemble its own messages on top of TCP. After the PDUs of ProtoA are reassembled, ProtoA dissector
774 * can call reassemble_streaming_data_and_call_subdissector() to help ProtoB dissector to reassemble the
775 * PDUs of ProtoB. ProtoB needs to use fields pinfo->can_desegment/desegment_offset/desegment_len to tell
776 * its requirements about reassembly (to reassemble_streaming_data_and_call_subdissector()).
778 * ----- +-- Reassembled ProtoB PDU --+-- Reassembled ProtoB PDU --+-- Reassembled ProtoB PDU --+----------------
779 * ProtoB: | ProtoB header and payload | ProtoB header and payload | ProtoB header and payload | ...
780 * +----------------------------+---------+------------------+--------+-------------------+--+-------------
781 * ----- ^ >>> Reassemble with reassemble_streaming_data_and_call_subdissector() and pinfo->desegment_len.. <<< ^
782 * +----------------------------+---------+------------------+--------+-------------------+--+-------------
783 * | ProtoA payload1 | ProtoA payload2 | ProtoA payload3 | ...
784 * +--------------------------------------+---------------------------+----------------------+-------------
785 * ^ ^ ^ ^
786 * | >>> Do de-chunk <<< |\ >>> Do de-chunk <<< \ \ >>> Do de-chunk <<< \
787 * | | \ \ \ \
788 * | | \ \ \ ...
789 * | | \ \ \ \
790 * +-------- First Reassembled ProtoA PDU ---------+-- Second Reassembled ProtoA PDU ---+- Third Reassembled Prot...
791 * ProtoA: | Header | ProtoA payload1 | Header | ProtoA payload2 | Header | ProtoA payload3 .
792 * +--------+----------------------+---------------+--------+---------------------------+--------+-+----------------
793 * ----- ^ >>> Reassemble with tcp_dissect_pdus() or pinfo->can_desegment/desegment_offset/desegment_len <<< ^
794 * +--------+----------------------+---------------+--------+---------------------------+--------+-+----------------
795 * TCP: | TCP segment | TCP segment | TCP segment | ...
796 * ----- +-------------------------------+-------------------------------+-------------------------------+----------------
798 * The function reassemble_streaming_data_and_call_subdissector() uses fragment_add() and process_reassembled_data()
799 * to complete its reassembly task.
801 * The reassemble_streaming_data_and_call_subdissector() will handle many cases. The most complicated one is:
803 * +-------------------------------------- Payload of a ProtoA PDU -----------------------------------------------+
804 * | EoMSP: end of a multisegment PDU | OmNFP: one or more non-fragment PDUs | BoMSP: begin of a multisegment PDU |
805 * +----------------------------------+--------------------------------------+------------------------------------+
806 * Note, we use short name 'MSP' for 'Multisegment PDU', and 'NFP' for 'Non-fragment PDU'.
808 * In this case, the payload of a ProtoA PDU contains:
809 * - EoMSP (Part1): At the begin of the ProtoA payload, there is the last part of a multisegment PDU of ProtoB.
810 * - OmNFP (Part2): The middle part of ProtoA payload payload contains one or more non-fragment PDUs of ProtoB.
811 * - BoMSP (Part3): At the tail of the ProtoA payload, there is the begin of a new multisegment PDU of ProtoB.
813 * All of three parts are optional. For example, one ProtoA payload could contain only EoMSP, OmNFP or BoMSP; or contain
814 * EoMSP and OmNFP without BoMSP; or contain EoMSP and BoMSP without OmNFP; or contain OmNFP and BoMSP without
815 * EoMSP.
817 * +---- A ProtoB MSP ---+ +-- A ProtoB MSP --+-- A ProtoB MSP --+ +-- A ProtoB MSP --+
818 * | | | | | | |
819 * +- A ProtoA payload -+ +-------+-------+-------+ +-------+-------+ +-------+-------+ +-------+ +-------+ +-------+
820 * | OmNFP | BoMSP | | EoMSP | OmNFP | BoMSP | | EoMSP | BoMSP | | EoMSP | OmNFP | | BoMSP | | EoMSP | | OmNFP |
821 * +---------+----------+ +-------+-------+-------+ +-------+-------+ +-------+-------+ +-------+ +-------+ +-------+
822 * | | | | | | |
823 * +---------------------+ +------------------+------------------+ +------------------+
825 * And another case is the entire ProtoA payload is one of middle parts of a multisegment PDU. We call it:
826 * - MoMSP: The middle part of a multisegment PDU of ProtoB.
828 * Following case shows a multisegment PDU composed of [BoMSP + MoMSP + MoMSP + MoMSP + EoMSP]:
830 * +------------------ A Multisegment PDU of ProtoB ----------------------+
831 * | |
832 * +--- ProtoA payload1 ---+ +- payload2 -+ +- Payload3 -+ +- Payload4 -+ +- ProtoA payload5 -+
833 * | EoMSP | OmNFP | BoMSP | | MoMSP | | MoMSP | | MoMSP | | EoMSP | BoMSP |
834 * +-------+-------+-------+ +------------+ +------------+ +------------+ +---------+---------+
835 * | |
836 * +----------------------------------------------------------------------+
838 * The function reassemble_streaming_data_and_call_subdissector() will handle all of the above cases and manage
839 * the information used during the reassembly. The caller (ProtoA dissector) only needs to initialize the relevant
840 * variables and pass these variables and its own completed payload to this function.
842 * The subdissector (ProtoB dissector) needs to set the pinfo->desegment_len to cooperate with the function
843 * reassemble_streaming_data_and_call_subdissector() to complete the reassembly task.
844 * The pinfo->desegment_len should be DESEGMENT_ONE_MORE_SEGMENT or contain the estimated number of additional bytes required for completing
845 * the current PDU (MSP), and set pinfo->desegment_offset to the offset in the tvbuff at which the dissector will
846 * continue processing when next called. Next time the subdissector is called, it will be passed a tvbuff composed
847 * of the end of the data from the previous tvbuff together with desegment_len more bytes. If the dissector cannot
848 * tell how many more bytes it will need, it should set pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT or additional bytes required for parsing
849 * message head. It will then be called again as soon as more data becomes available. Subdissector MUST NOT set the
850 * pinfo->desegment_len to DESEGMENT_UNTIL_FIN, we don't support it yet.
852 * Note that if the subdissector sets pinfo->desegment_len to additional bytes required for parsing the header of
853 * the message rather than the entire message when the length of entire message is unable to be determined, it MUST
854 * return the length of the tvb handled by itself (for example, return 0 length if nothing is parsed in MoMSP),
855 * otherwise it may cause some unexpected dissecting errors. However, if you want to be compatible with TCP's reassembly
856 * method by setting the pinfo->desegment_len, you MUST set the pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT
857 * when the entire message length cannot be determined, and return a length other than 0 (such as tvb_captured_length(tvb))
858 * when exiting the subdissector dissect function (such as dissect_proto_b()).
860 * Following is sample code of ProtoB which on top of ProtoA mentioned above:
861 * <code>
862 * // file packet-proto-b.c
863 * ...
865 * static int
866 * dissect_proto_b(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data)
868 * while (offset < tvb_len)
870 * if (tvb_len - offset < PROTO_B_MESSAGE_HEAD_LEN) {
871 * // need at least X bytes for getting a ProtoB message
872 * if (pinfo->can_desegment) {
873 * pinfo->desegment_offset = offset;
874 * // It is strongly recommended to set pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT
875 * // if the length of entire message is unknown.
876 * pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
877 * return tvb_len; // MUST return a length other than 0
879 * // Or set pinfo->desegment_len to how many additional bytes needed to parse head of
880 * // a ProtoB message.
881 * // pinfo->desegment_len = PROTO_B_MESSAGE_HEAD_LEN - (tvb_len - offset);
882 * // return offset; // But you MUST return the length handled by ProtoB
884 * ...
886 * ...
887 * // e.g. length is at offset 4
888 * body_len = (unsigned)tvb_get_ntohl(tvb, offset + 4);
890 * if (tvb_len - offset - PROTO_B_MESSAGE_HEAD_LEN < body_len) {
891 * // need X bytes for dissecting a ProtoB message
892 * if (pinfo->can_desegment) {
893 * pinfo->desegment_offset = offset;
894 * // calculate how many additional bytes need to parsing body of a ProtoB message
895 * pinfo->desegment_len = body_len - (tvb_len - offset - PROTO_B_MESSAGE_HEAD_LEN);
896 * // MUST return a length other than 0, if DESEGMENT_ONE_MORE_SEGMENT is used previously.
897 * return tvb_len;
899 * // MUST return the length handled by ProtoB,
900 * // if 'pinfo->desegment_len = PROTO_B_MESSAGE_HEAD_LEN - (tvb_len - offset);' is used previously.
901 * // return offset;
903 * ...
905 * ...
907 * return tvb_len; // all bytes of this tvb are parsed
909 * </code>
911 * Following is sample code of ProtoA mentioned above:
912 * <code>
913 * // file packet-proto-a.c
914 * ...
915 * // reassembly table for streaming chunk mode
916 * static reassembly_table proto_a_streaming_reassembly_table;
917 * ...
918 * // heads for displaying reassembly information
919 * static int hf_msg_fragments;
920 * static int hf_msg_fragment;
921 * static int hf_msg_fragment_overlap;
922 * static int hf_msg_fragment_overlap_conflicts;
923 * static int hf_msg_fragment_multiple_tails;
924 * static int hf_msg_fragment_too_long_fragment;
925 * static int hf_msg_fragment_error;
926 * static int hf_msg_fragment_count;
927 * static int hf_msg_reassembled_in;
928 * static int hf_msg_reassembled_length;
929 * static int hf_msg_body_segment;
930 * ...
931 * static int ett_msg_fragment;
932 * static int ett_msg_fragments;
933 * ...
934 * static const fragment_items msg_frag_items = {
935 * &ett_msg_fragment,
936 * &ett_msg_fragments,
937 * &hf_msg_fragments,
938 * &hf_msg_fragment,
939 * &hf_msg_fragment_overlap,
940 * &hf_msg_fragment_overlap_conflicts,
941 * &hf_msg_fragment_multiple_tails,
942 * &hf_msg_fragment_too_long_fragment,
943 * &hf_msg_fragment_error,
944 * &hf_msg_fragment_count,
945 * &hf_msg_reassembled_in,
946 * &hf_msg_reassembled_length,
947 * "ProtoA Message fragments"
948 * };
949 * ...
950 * static int
951 * dissect_proto_a(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data)
953 * ...
954 * streaming_reassembly_info_t* streaming_reassembly_info = NULL;
955 * ...
956 * proto_a_tree = proto_item_add_subtree(ti, ett_proto_a);
957 * ...
958 * if (!PINFO_FD_VISITED(pinfo)) {
959 * streaming_reassembly_info = streaming_reassembly_info_new();
960 * // save streaming reassembly info in the stream conversation or something like that
961 * save_reassembly_info(pinfo, stream_id, flow_dir, streaming_reassembly_info);
962 * } else {
963 * streaming_reassembly_info = get_reassembly_info(pinfo, stream_id, flow_dir);
965 * ...
966 * while (offset < tvb_len)
968 * ...
969 * payload_len = xxx;
970 * ...
971 * if (dissecting_in_streaming_mode) {
972 * // reassemble and call subdissector
973 * reassemble_streaming_data_and_call_subdissector(tvb, pinfo, offset,
974 * payload_len, proto_a_tree, proto_tree_get_parent_tree(proto_a_tree),
975 * proto_a_streaming_reassembly_table, streaming_reassembly_info,
976 * get_virtual_frame_num64(tvb, pinfo, offset), subdissector_handle,
977 * proto_tree_get_parent_tree(tree), NULL,
978 * "ProtoA", &msg_frag_items, hf_msg_body_segment);
979 * ...
983 * ...
984 * void proto_register_proto_a(void) {
985 * ...
986 * static hf_register_info hf[] = {
987 * ...
988 * {&hf_msg_fragments,
989 * {"Reassembled ProtoA Message fragments", "protoa.msg.fragments",
990 * FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } },
991 * {&hf_msg_fragment,
992 * {"Message fragment", "protoa.msg.fragment",
993 * FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
994 * {&hf_msg_fragment_overlap,
995 * {"Message fragment overlap", "protoa.msg.fragment.overlap",
996 * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
997 * {&hf_msg_fragment_overlap_conflicts,
998 * {"Message fragment overlapping with conflicting data",
999 * "protoa.msg.fragment.overlap.conflicts",
1000 * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
1001 * {&hf_msg_fragment_multiple_tails,
1002 * {"Message has multiple tail fragments",
1003 * "protoa.msg.fragment.multiple_tails",
1004 * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
1005 * {&hf_msg_fragment_too_long_fragment,
1006 * {"Message fragment too long", "protoa.msg.fragment.too_long_fragment",
1007 * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } },
1008 * {&hf_msg_fragment_error,
1009 * {"Message defragmentation error", "protoa.msg.fragment.error",
1010 * FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
1011 * {&hf_msg_fragment_count,
1012 * {"Message fragment count", "protoa.msg.fragment.count",
1013 * FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
1014 * {&hf_msg_reassembled_in,
1015 * {"Reassembled in", "protoa.msg.reassembled.in",
1016 * FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } },
1017 * {&hf_msg_reassembled_length,
1018 * {"Reassembled length", "protoa.msg.reassembled.length",
1019 * FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } },
1020 * {&hf_msg_body_segment,
1021 * {"ProtoA body segment", "protoa.msg.body.segment",
1022 * FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } },
1024 * ...
1025 * static int *ett[] = {
1026 * ...
1027 * &ett_msg_fragment,
1028 * &ett_msg_fragments
1030 * ...
1031 * reassembly_table_register(&proto_a_streaming_reassembly_table,
1032 * &addresses_ports_reassembly_table_functions);
1033 * ...
1035 * </code>
1037 * Alternatively, the code of ProtoA (packet-proto-a.c) can be made simpler with helper macros:
1038 * <code>
1039 * // file packet-proto-a.c
1040 * ...
1041 * // reassembly table for streaming chunk mode
1042 * static reassembly_table proto_a_streaming_reassembly_table;
1043 * // reassembly head field items definition
1044 * REASSEMBLE_ITEMS_DEFINE(proto_a_body, "ProtoA Body");
1045 * ...
1046 * static int
1047 * dissect_proto_a(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data)
1049 * ...
1050 * streaming_reassembly_info_t* streaming_reassembly_info = NULL;
1051 * ...
1052 * proto_a_tree = proto_item_add_subtree(ti, ett_proto_a);
1053 * ...
1054 * if (!PINFO_FD_VISITED(pinfo)) {
1055 * streaming_reassembly_info = streaming_reassembly_info_new();
1056 * // save streaming reassembly info in the stream conversation or something like that
1057 * save_reassembly_info(pinfo, stream_id, flow_dir, streaming_reassembly_info);
1058 * } else {
1059 * streaming_reassembly_info = get_reassembly_info(pinfo, stream_id, flow_dir);
1061 * ...
1062 * while (offset < tvb_len)
1064 * ...
1065 * payload_len = xxx;
1066 * ...
1067 * if (dissecting_in_streaming_mode) {
1068 * // reassemble and call subdissector
1069 * reassemble_streaming_data_and_call_subdissector(tvb, pinfo, offset,
1070 * payload_len, proto_a_tree, proto_tree_get_parent_tree(proto_a_tree),
1071 * proto_a_streaming_reassembly_table, streaming_reassembly_info,
1072 * get_virtual_frame_num64(tvb, pinfo, offset), subdissector_handle,
1073 * proto_tree_get_parent_tree(tree), NULL, "ProtoA Body",
1074 * &proto_a_body_fragment_items, hf_proto_a_body_segment);
1075 * ...
1079 * ...
1080 * void proto_register_proto_a(void) {
1081 * ...
1082 * static hf_register_info hf[] = {
1083 * ...
1084 * REASSEMBLE_INIT_HF_ITEMS(proto_a_body, "ProtoA Body", "protoa.body")
1086 * ...
1087 * static int *ett[] = {
1088 * ...
1089 * REASSEMBLE_INIT_ETT_ITEMS(proto_a_body)
1091 * ...
1092 * reassembly_table_register(&proto_a_streaming_reassembly_table,
1093 * &addresses_ports_reassembly_table_functions);
1094 * ...
1096 * </code>
1098 * @param tvb TVB contains (ProtoA) payload which will be passed to subdissector.
1099 * @param pinfo Packet information.
1100 * @param offset The beginning offset of payload in TVB.
1101 * @param length The length of payload in TVB.
1102 * @param segment_tree The tree for adding segment items.
1103 * @param reassembled_tree The tree for adding reassembled information items.
1104 * @param streaming_reassembly_table The reassembly table used for this kind of streaming reassembly.
1105 * @param reassembly_info The structure for keeping streaming reassembly information. This should be initialized
1106 * by streaming_reassembly_info_new(). Subdissector should keep it for each flow of per stream,
1107 * like per direction flow of a STREAM of HTTP/2 or each request or response message flow of
1108 * HTTP/1.1 chunked stream.
1109 * @param cur_frame_num The uniq index of current payload and number must always be increasing from the previous frame
1110 * number, so we can use "<" and ">" comparisons to determine before and after in time. You can use
1111 * get_virtual_frame_num64() if the ProtoA does not has a suitable field representing payload frame num.
1112 * @param subdissector_handle The subdissector the reassembly for. We will call subdissector for reassembly and dissecting.
1113 * The subdissector should set pinfo->desegment_len to the length it needed if the payload is
1114 * not enough for it to dissect.
1115 * @param subdissector_tree The tree to be passed to subdissector.
1116 * @param subdissector_data The data argument to be passed to subdissector.
1117 * @param label The name of the data being reassembling. It can just be the name of protocol (ProtoA), for
1118 * example, "[ProtoA segment of a reassembled PDU]".
1119 * @param frag_hf_items The fragment field items for displaying fragment and reassembly information in tree. Please
1120 * refer to process_reassembled_data().
1121 * @param hf_segment_data The field item to show something like "ProtoA segment data (123 bytes)".
1123 * @return Handled data length. Just equal to the length argument now.
1125 WS_DLL_PUBLIC int
1126 reassemble_streaming_data_and_call_subdissector(
1127 tvbuff_t* tvb, packet_info* pinfo, unsigned offset, int length,
1128 proto_tree* segment_tree, proto_tree* reassembled_tree, reassembly_table streaming_reassembly_table,
1129 streaming_reassembly_info_t* reassembly_info, uint64_t cur_frame_num,
1130 dissector_handle_t subdissector_handle, proto_tree* subdissector_tree, void* subdissector_data,
1131 const char* label, const fragment_items* frag_hf_items, int hf_segment_data
1135 * Return a 64 bits virtual frame number that is identified as follows:
1137 * +--- 32 bits ---+--------- 8 bits -------+----- 24 bits --------------+
1138 * | pinfo->num | pinfo->curr_layer_num | tvb->raw_offset + offset |
1139 * +---------------------------------------------------------------------+
1141 * This allows for a single virtual frame to be uniquely identified across a capture with the
1142 * added benefit that the number will always be increasing from the previous virtual frame so
1143 * we can use "<" and ">" comparisons to determine before and after in time.
1145 * This frame number similar to HTTP2 frame number.
1147 static inline uint64_t
1148 get_virtual_frame_num64(tvbuff_t* tvb, packet_info* pinfo, int offset)
1150 return (((uint64_t)pinfo->num) << 32) + (((uint64_t)pinfo->curr_layer_num) << 24)
1151 + ((uint64_t)tvb_raw_offset(tvb) + offset);
1155 * How many additional bytes are still expected to complete this reassembly?
1157 * @return How many additional bytes are expected to complete this reassembly.
1158 * It may also be DESEGMENT_ONE_MORE_SEGMENT.
1159 * 0 means this reassembly is completed.
1161 WS_DLL_PUBLIC int
1162 additional_bytes_expected_to_complete_reassembly(streaming_reassembly_info_t* reassembly_info);
1164 /* ========================================================================= */
1166 #endif