| blob | 1523c1d3bd82c80d1d1da01827671ce3c4a3ecfa |
1 /* reassemble.c
2 * Routines for {fragment,segment} reassembly
3 *
4 * $Id$
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
27 #include <string.h>
29 #include <epan/packet.h>
30 #include <epan/exceptions.h>
31 #include <epan/emem.h>
32 #include <epan/reassemble.h>
33 #include <epan/tvbuff-int.h>
35 /*
36 * Functions for reassembly tables where the endpoint addresses, and a
37 * fragment ID, are used as the key.
38 */
40 address src;
41 address dst;
42 guint32 id;
45 static guint
47 {
49 guint hash_val;
50 /*
51 int i;
52 */
56 /* More than likely: in most captures src and dst addresses are the
57 same, and would hash the same.
58 We only use id as the hash as an optimization.
60 for (i = 0; i < key->src.len; i++)
61 hash_val += key->src.data[i];
62 for (i = 0; i < key->dst.len; i++)
63 hash_val += key->dst.data[i];
64 */
69 }
71 static gint
73 {
77 /*
78 * key.id is the first item to compare since it's the item most
79 * likely to differ between sessions, thus short-circuiting
80 * the comparison of addresses.
81 */
85 }
87 /*
88 * Create a fragment key for temporary use; it can point to non-
89 * persistent data, and so must only be used to look up and
90 * delete entries, not to add them.
91 */
92 static gpointer
95 {
98 /*
99 * Do a shallow copy of the addresses.
100 */
106 }
108 /*
109 * Create a fragment key for permanent use; it must point to persistent
110 * data, so that it can be used to add entries.
111 */
112 static gpointer
115 {
118 /*
119 * Do a deep copy of the addresses.
120 */
126 }
128 static void
130 {
135 }
137 static void
139 {
143 /*
144 * Free up the copies of the addresses from the old key.
145 */
150 }
151 }
153 const reassembly_table_functions
154 addresses_reassembly_table_functions = {
155 fragment_addresses_hash,
156 fragment_addresses_equal,
157 fragment_addresses_temporary_key,
158 fragment_addresses_persistent_key,
159 fragment_addresses_free_temporary_key,
160 fragment_addresses_free_persistent_key
161 };
163 /*
164 * Functions for reassembly tables where the endpoint addresses and ports,
165 * and a fragment ID, are used as the key.
166 */
168 address src_addr;
169 address dst_addr;
170 guint32 src_port;
171 guint32 dst_port;
172 guint32 id;
175 static guint
177 {
179 guint hash_val;
180 /*
181 int i;
182 */
186 /* More than likely: in most captures src and dst addresses and ports
187 are the same, and would hash the same.
188 We only use id as the hash as an optimization.
190 for (i = 0; i < key->src.len; i++)
191 hash_val += key->src_addr.data[i];
192 for (i = 0; i < key->dst.len; i++)
193 hash_val += key->dst_addr.data[i];
194 hash_val += key->src_port;
195 hash_val += key->dst_port;
196 */
201 }
203 static gint
205 {
209 /*
210 * key.id is the first item to compare since it's the item most
211 * likely to differ between sessions, thus short-circuiting
212 * the comparison of addresses and ports.
213 */
219 }
221 /*
222 * Create a fragment key for temporary use; it can point to non-
223 * persistent data, and so must only be used to look up and
224 * delete entries, not to add them.
225 */
226 static gpointer
229 {
232 /*
233 * Do a shallow copy of the addresses.
234 */
242 }
244 /*
245 * Create a fragment key for permanent use; it must point to persistent
246 * data, so that it can be used to add entries.
247 */
248 static gpointer
251 {
254 /*
255 * Do a deep copy of the addresses.
256 */
264 }
266 static void
268 {
273 }
275 static void
277 {
281 /*
282 * Free up the copies of the addresses from the old key.
283 */
288 }
289 }
291 const reassembly_table_functions
292 addresses_ports_reassembly_table_functions = {
293 fragment_addresses_ports_hash,
294 fragment_addresses_ports_equal,
295 fragment_addresses_ports_temporary_key,
296 fragment_addresses_ports_persistent_key,
297 fragment_addresses_ports_free_temporary_key,
298 fragment_addresses_ports_free_persistent_key
299 };
302 guint32 id;
303 guint32 frame;
306 static gint
308 {
312 /*
313 * We assume that the frame numbers are unlikely to be equal,
314 * so we check them first.
315 */
317 }
319 static guint
321 {
325 }
327 /*
328 * For a fragment hash table entry, free the associated fragments.
329 * The entry value (fd_chain) is freed herein and the entry is freed
330 * when the key freeing routine is called (as a consequence of returning
331 * TRUE from this function).
332 */
333 static gboolean
335 {
339 /* g_hash_table_new_full() was used to supply a function
340 * to free the key and anything to which it points
341 */
348 }
351 }
353 /* ------------------------- */
355 {
357 /* If head/first structure in list only holds no other data than
358 * 'datalen' then we don't have to change the head of the list
359 * even if we want to keep it sorted
360 */
365 }
367 #define FD_VISITED_FREE 0xffff
369 /*
370 * For a reassembled-packet hash table entry, free the fragment data
371 * to which the value refers and also the key itself.
372 */
373 static gboolean
375 gpointer user_data)
376 {
381 /*
382 * A reassembled packet is inserted into the
383 * hash table once for every frame that made
384 * up the reassembled packet; add first seen
385 * fragments to array and later free them in
386 * free_fragments()
387 */
393 }
394 }
399 }
401 static void
403 {
409 }
411 /*
412 * Initialize a reassembly table, with specified functions.
413 */
414 void
417 {
425 /*
426 * The fragment hash table exists.
427 *
428 * Remove all entries and free fragment data for each entry.
429 *
430 * The keys, and anything to which they point, are freed by
431 * calling the table's key freeing function. The values
432 * are freed in free_all_fragments().
433 */
437 /* The fragment table does not exist. Create it */
440 }
445 /*
446 * The reassembled-packet hash table exists.
447 *
448 * Remove all entries and free reassembled packet
449 * data and key for each entry.
450 */
459 /* The fragment table does not exist. Create it */
461 reassembled_equal);
462 }
463 }
465 /*
466 * Destroy a reassembly table.
467 */
468 void
470 {
471 /*
472 * Clear the function pointers.
473 */
478 /*
479 * The fragment hash table exists.
480 *
481 * Remove all entries and free fragment data for each entry.
482 *
483 * The keys, and anything to which they point, are freed by
484 * calling the table's key freeing function. The values
485 * are freed in free_all_fragments().
486 */
490 /*
491 * Now destroy the hash table.
492 */
495 }
499 /*
500 * The reassembled-packet hash table exists.
501 *
502 * Remove all entries and free reassembled packet
503 * data and key for each entry.
504 */
513 /*
514 * Now destroy the hash table.
515 */
518 }
519 }
521 /*
522 * Look up an fd_head in the fragment table, optionally returning the key
523 * for it.
524 */
528 {
529 gpointer key;
530 gpointer value;
532 /* Create key to search hash with */
535 /*
536 * Look up the reassembly in the fragment table.
537 */
541 /* Free the key */
545 }
547 /*
548 * Insert an fd_head into the fragment table, and return the key used.
549 */
550 static gpointer
553 {
554 gpointer key;
556 /*
557 * We're going to use the key to insert the fragment,
558 * so make a persistent version of it.
559 */
563 }
565 /* This function cleans up the stored state and removes the reassembly data and
566 * (with one exception) all allocated memory for matching reassembly.
567 *
568 * The exception is :
569 * If the PDU was already completely reassembled, then the tvbuff containing the
570 * reassembled data WILL NOT be free()d, and the pointer to that tvbuff will be
571 * returned.
572 * Othervise the function will return NULL.
573 *
574 * So, if you call fragment_delete and it returns non-NULL, YOU are responsible
575 * to tvb_free() that tvbuff.
576 */
577 tvbuff_t *
580 {
584 gpointer key;
588 /* We do not recognize this as a PDU we have seen before. return */
590 }
593 /* loop over all partial fragments and free any tvbuffs */
602 }
607 }
609 /* This function is used to check if there is partial or completed reassembly state
610 * matching this packet. I.e. Is there reassembly going on or not for this packet?
611 */
612 fragment_head *
615 {
617 }
619 /* id *must* be the frame number for this to work! */
620 fragment_head *
622 {
624 reassembled_key key;
626 /* create key to search hash with */
632 }
634 fragment_head *
637 {
639 reassembled_key key;
641 /* create key to search hash with */
647 }
649 /* To specify the offset for the fragment numbering, the first fragment is added with 0, and
650 * afterwards this offset is set. All additional calls to off_seq_check will calculate
651 * the number in sequence in regards to the offset */
652 void
655 {
662 /* Reseting the offset is not allowed */
667 }
669 /* This function can be used to explicitly set the total length (if known)
670 * for reassembly of a PDU.
671 * This is useful for reassembly of PDUs where one may have the total length specified
672 * in the first fragment instead of as for, say, IPv4 where a flag indicates which
673 * is the last fragment.
674 *
675 * Such protocols might fragment_add with a more_frags==TRUE for every fragment
676 * and just tell the reassembly engine the expected total length of the reassembled data
677 * using fragment_set_tot_len immediately after doing fragment_add for the first packet.
678 *
679 * Note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment.
680 * i.e. since the block numbers start at 0, if we specify tot_len==2, that
681 * actually means we want to defragment 3 blocks, block 0, 1 and 2.
682 */
683 void
686 {
695 /* If we're setting a block sequence number, verify that it
696 * doesn't conflict with values set by existing fragments.
697 * XXX - eliminate this check?
698 */
707 }
708 }
710 }
711 }
717 }
718 }
720 /* We got this far so the value is sane. */
723 }
725 guint32
728 {
735 }
738 }
741 /* This function will set the partial reassembly flag for a fh.
742 When this function is called, the fh MUST already exist, i.e.
743 the fh MUST be created by the initial call to fragment_add() before
744 this function is called.
745 Also note that this function MUST be called to indicate a fh will be
746 extended (increase the already stored data)
747 */
749 void
753 {
758 /*
759 * XXX - why not do all the stuff done early in "fragment_add_work()",
760 * turning off FD_DEFRAGMENTED and pointing the fragments' data
761 * pointers to the appropriate part of the already-reassembled
762 * data, and clearing the data length and "reassembled in" frame
763 * number, here? We currently have a hack in the TCP dissector
764 * not to set the "reassembled in" value if the "partial reassembly"
765 * flag is set, so that in the first pass through the packets
766 * we don't falsely set a packet as reassembled in that packet
767 * if the dissector decided that even more reassembly was needed.
768 */
771 }
772 }
774 /*
775 * This function gets rid of an entry from a fragment table, given
776 * a pointer to the key for that entry.
777 *
778 * The key freeing routine will be called by g_hash_table_remove().
779 */
780 static void
782 {
783 /*
784 * Remove the entry from the fragment table.
785 */
787 }
789 /*
790 * This function adds fragment_head structure to a reassembled-packet
791 * hash table, using the frame numbers of each of the frames from
792 * which it was reassembled as keys, and sets the "reassembled_in"
793 * frame number.
794 */
795 static void
798 {
803 /*
804 * This was not fragmented, so there's no fragment
805 * table; just hash it using the current frame number.
806 */
812 /*
813 * Hash it with the frame numbers for all the frames.
814 */
820 fd_head);
821 }
822 }
825 }
827 static void
829 {
832 /* add fragment to list, keep list sorted */
836 }
839 }
841 /*
842 * This function adds a new fragment to the fragment hash table.
843 * If this is the first fragment seen for this datagram, a new entry
844 * is created in the hash table, otherwise this fragment is just added
845 * to the linked list of fragments for this packet.
846 * The list of fragments for a specific datagram is kept sorted for
847 * easier handling.
848 *
849 * Returns a pointer to the head of the fragment data list if we have all the
850 * fragments, NULL otherwise.
851 *
852 * This function assumes frag_offset being a byte offset into the defragment
853 * packet.
854 *
855 * 01-2002
856 * Once the fh is defragmented (= FD_DEFRAGMENTED set), it can be
857 * extended using the FD_PARTIAL_REASSEMBLY flag. This flag should be set
858 * using fragment_set_partial_reassembly() before calling fragment_add
859 * with the new fragment. FD_TOOLONGFRAGMENT and FD_MULTIPLETAILS flags
860 * are lowered when a new extension process is started.
861 */
862 static gboolean
866 {
873 /* create new fd describing this fragment */
884 /*
885 * Are we adding to an already-completed reassembly?
886 */
888 /*
889 * Yes. Does this fragment go past the end of the results
890 * of that reassembly?
891 * XXX - shouldn't this be ">"? If frag_offset + frag_data_len
892 * == fd_head->datalen, this overlaps the end of the
893 * reassembly, but doesn't go past it, right?
894 */
896 /*
897 * Yes. Have we been requested to continue reassembly?
898 */
900 /*
901 * Yes. Set flag in already empty fds &
902 * point old fds to malloc'ed data.
903 */
908 }
910 }
916 /*
917 * No. Bail out since we have no idea what to
918 * do with this fragment (and if we keep going
919 * we'll run past the end of a buffer sooner
920 * or later).
921 */
924 /*
925 * This is an attempt to add a fragment to a
926 * reassembly that had already completed.
927 * If it had no error, we don't want to
928 * mark it with an error, and if it had an
929 * error, we don't want to overwrite it, so
930 * we don't set fd_head->error.
931 */
933 /*
934 * The fragment starts past the end
935 * of the reassembled data.
936 */
939 /*
940 * The fragment starts before the end
941 * of the reassembled data, but
942 * runs past the end. That could
943 * just be a retransmission.
944 */
946 }
947 }
949 /*
950 * No. That means it still overlaps that, so report
951 * this as a problem, possibly a retransmission.
952 */
955 }
956 }
958 /* Do this after we may have bailed out (above) so that we don't leave
959 * fd_head->frame in a bad state if we do */
964 /*
965 * This is the tail fragment in the sequence.
966 */
968 /* ok we have already seen other tails for this packet
969 * it might be a duplicate.
970 */
972 /* Oops, this tail indicates a different packet
973 * len than the previous ones. Something's wrong.
974 */
977 }
979 /* This was the first tail fragment; now we know
980 * what the length of the packet should be.
981 */
984 }
985 }
989 /* If the packet is already defragmented, this MUST be an overlap.
990 * The entire defragmented packet is in fd_head->data.
991 * Even if we have previously defragmented this packet, we still
992 * check it. Someone might play overlap and TTL games.
993 */
998 /* make sure it's not too long */
1002 }
1003 /* make sure it doesn't conflict with previous data */
1008 }
1009 /* it was just an overlap, link it and return */
1012 }
1016 /* If we have reached this point, the packet is not defragmented yet.
1017 * Save all payload in a buffer until we can defragment.
1018 * XXX - what if we didn't capture the entire fragment due
1019 * to a too-short snapshot length?
1020 */
1026 /* if we dont know the datalen, there are still missing
1027 * packets. Cheaper than the check below.
1028 */
1030 }
1033 /*
1034 * Check if we have received the entire fragment.
1035 * This is easy since the list is sorted and the head is faked.
1036 *
1037 * First, we compute the amount of contiguous data that's
1038 * available. (The check for fd_i->offset <= max rules out
1039 * fragments that don't start before or at the end of the
1040 * previous fragment, i.e. fragments that have a gap between
1041 * them and the previous fragment.)
1042 */
1048 }
1049 }
1052 /*
1053 * The amount of contiguous data we have is less than the
1054 * amount of data we're trying to reassemble, so we haven't
1055 * received all packets yet.
1056 */
1058 }
1060 /* we have received an entire packet, defragment it and
1061 * free all fragments
1062 */
1063 /* store old data just in case */
1069 /* add all data fragments */
1072 /*
1073 * The loop above that calculates max also
1074 * ensures that the only gaps that exist here
1075 * are ones where a fragment starts past the
1076 * end of the reassembled datagram, and there's
1077 * a gap between the previous fragment and
1078 * that fragment.
1079 *
1080 * A "DESEGMENT_UNTIL_FIN" was involved wherein the
1081 * FIN packet had an offset less than the highest
1082 * fragment offset seen. [Seen from a fuzz-test:
1083 * bug #2470]).
1084 *
1085 * Note that the "overlap" compare must only be
1086 * done for fragments with (offset+len) <= fd_head->datalen
1087 * and thus within the newly g_malloc'd buffer.
1088 */
1091 /*
1092 * Fragment starts after the end
1093 * of the reassembled packet.
1094 *
1095 * This can happen if the length was
1096 * set after the offending fragment
1097 * was added to the reassembly.
1098 *
1099 * Flag this fragment, but don't
1100 * try to extract any data from
1101 * it, as there's no place to put
1102 * it.
1103 *
1104 * XXX - add different flag value
1105 * for this.
1106 */
1110 /*
1111 * XXX - can this happen? We've
1112 * already rejected fragments that
1113 * start past the end of the
1114 * reassembled datagram, and
1115 * the loop that calculated max
1116 * should have ruled out gaps,
1117 * but could fd_i->offset +
1118 * fd_i->len overflow?
1119 */
1128 /*
1129 * Fragment goes past the end
1130 * of the packet, as indicated
1131 * by the last fragment.
1132 *
1133 * This can happen if the
1134 * length was set after the
1135 * offending fragment was
1136 * added to the reassembly.
1137 *
1138 * Mark it as such, and only
1139 * copy from it what fits in
1140 * the packet.
1141 */
1145 }
1153 cmp_len)
1154 ) {
1157 }
1158 }
1160 /*
1161 * XXX - can this happen?
1162 */
1169 }
1170 }
1173 /* Integer overflow? */
1175 }
1176 }
1184 }
1185 }
1189 /* mark this packet as defragmented.
1190 allows us to skip any trailing fragments */
1194 /* we don't throw until here to avoid leaking old_data and others */
1197 }
1200 }
1208 {
1211 gboolean already_added;
1214 /* dissector shouldn't give us garbage tvb info */
1219 #if 0
1220 /* debug output of associated fragments. */
1221 /* leave it here for future debugging sessions */
1224 pinfo->current_proto, pinfo->fd->num, id, frag_offset, frag_data_len, more_frags, pinfo->fd->flags.visited);
1229 }
1230 }
1231 }
1232 #endif
1234 /*
1235 * Is this the first pass through the capture?
1236 */
1238 /*
1239 * Yes, so we could be doing reassembly. If
1240 * "check_already_added" is true, and fd_head is non-null,
1241 * meaning that this fragment would be added to an
1242 * in-progress reassembly, check if we have seen this
1243 * fragment before, i.e., if we have already added it to
1244 * that reassembly. That can be true even on the first pass
1245 * since we sometimes might call a subdissector multiple
1246 * times.
1247 *
1248 * We check both the frame number and the fragment offset,
1249 * so that we support multiple fragments from the same
1250 * frame being added to the same reassembled PDU.
1251 */
1253 /*
1254 * fd_head->frame is the maximum of the frame
1255 * numbers of all the fragments added to this
1256 * reassembly; if this frame is later than that
1257 * frame, we know it hasn't been added yet.
1258 */
1261 /*
1262 * The first item in the reassembly list
1263 * is not a fragment, it's a data structure
1264 * for the reassembled packet, so we
1265 * start checking with the next item.
1266 */
1273 }
1274 }
1276 /*
1277 * Have we already finished
1278 * reassembling?
1279 */
1281 /*
1282 * Yes.
1283 * XXX - can this ever happen?
1284 */
1288 /*
1289 * No.
1290 */
1292 }
1293 }
1294 }
1295 }
1297 /*
1298 * No, so we've already done all the reassembly and added
1299 * all the fragments. Do we have a reassembly and, if so,
1300 * have we finished reassembling?
1301 */
1303 /*
1304 * Yes. This is probably being done after the
1305 * first pass, and we've already done the work
1306 * on the first pass.
1307 *
1308 * If the reassembly got a fatal error, throw that
1309 * error again.
1310 */
1314 /*
1315 * Is it later in the capture than all of the
1316 * fragments in the reassembly?
1317 */
1319 /*
1320 * Yes, so report this as a problem,
1321 * possibly a retransmission.
1322 */
1324 }
1326 /*
1327 * Does this fragment go past the end of the
1328 * results of that reassembly?
1329 */
1331 /*
1332 * Yes.
1333 */
1335 /*
1336 * The fragment starts past the
1337 * end of the reassembled data.
1338 */
1341 /*
1342 * The fragment starts before the end
1343 * of the reassembled data, but
1344 * runs past the end. That could
1345 * just be a retransmission.
1346 */
1348 }
1349 }
1353 /*
1354 * No.
1355 */
1357 }
1358 }
1361 /* not found, this must be the first snooped fragment for this
1362 * packet. Create list-head.
1363 */
1366 /*
1367 * Insert it into the hash table.
1368 */
1370 }
1374 /*
1375 * Reassembly is complete.
1376 */
1379 /*
1380 * Reassembly isn't complete.
1381 */
1383 }
1384 }
1386 fragment_head *
1391 {
1394 }
1396 /*
1397 * For use when you can have multiple fragments in the same frame added
1398 * to the same reassembled PDU, e.g. with ONC RPC-over-TCP.
1399 */
1400 fragment_head *
1406 {
1409 }
1411 fragment_head *
1416 {
1417 reassembled_key reass_key;
1419 gpointer orig_key;
1421 /*
1422 * If this isn't the first pass, look for this frame in the table
1423 * of reassembled packets.
1424 */
1429 }
1431 /* Looks up a key in the GHashTable, returning the original key and the associated value
1432 * and a gboolean which is TRUE if the key was found. This is useful if you need to free
1433 * the memory allocated for the original key, for example before calling g_hash_table_remove()
1434 */
1437 /* not found, this must be the first snooped fragment for this
1438 * packet. Create list-head.
1439 */
1442 /*
1443 * Save the key, for unhashing it later.
1444 */
1446 }
1448 /*
1449 * If this is a short frame, then we can't, and don't, do
1450 * reassembly on it. We just give up.
1451 */
1457 /*
1458 * Reassembly is complete.
1459 * Remove this from the table of in-progress
1460 * reassemblies, add it to the table of
1461 * reassembled packets, and return it.
1462 */
1464 /*
1465 * Remove this from the table of in-progress reassemblies,
1466 * and free up any memory used for it in that table.
1467 */
1470 /*
1471 * Add this item to the table of reassembled packets.
1472 */
1476 /*
1477 * Reassembly isn't complete.
1478 */
1480 }
1481 }
1483 static void
1485 {
1495 }
1497 }
1499 /* store old data in case the fd_i->data pointers refer to it */
1506 /* add all data fragments */
1511 /* First fragment or in-sequence fragment */
1515 /* duplicate/retransmission/overlap */
1519 || tvb_memeql(last_fd->tvb_data, 0, tvb_get_ptr(fd_i->tvb_data, 0, last_fd->len), last_fd->len) ) {
1522 }
1523 }
1524 }
1526 }
1528 /* we have defragmented the pdu, now free all fragments*/
1535 }
1539 /* mark this packet as defragmented.
1540 * allows us to skip any trailing fragments.
1541 */
1544 }
1546 /*
1547 * This function adds a new fragment to the entry for a reassembly
1548 * operation.
1549 *
1550 * The list of fragments for a specific datagram is kept sorted for
1551 * easier handling.
1552 *
1553 * Returns TRUE if we have all the fragments, FALSE otherwise.
1554 *
1555 * This function assumes frag_number being a block sequence number.
1556 * The bsn for the first block is 0.
1557 */
1558 static gboolean
1562 {
1567 guint32 frag_number_work;
1569 /* Enables the use of fragment sequence numbers, which do not start with 0 */
1575 /* if the partial reassembly flag has been set, and we are extending
1576 * the pdu, un-reassemble the pdu. This means pointing old fds to malloc'ed data.
1577 */
1585 /* this is a duplicate of the previous
1586 * fragment. */
1592 }
1594 }
1596 }
1601 }
1604 /* create new fd describing this fragment */
1615 /*
1616 * This is the tail fragment in the sequence.
1617 */
1619 /* ok we have already seen other tails for this packet
1620 * it might be a duplicate.
1621 */
1623 /* Oops, this tail indicates a different packet
1624 * len than the previous ones. Something's wrong.
1625 */
1628 }
1630 /* this was the first tail fragment, now we know the
1631 * sequence number of that fragment (which is NOT
1632 * the length of the packet!)
1633 */
1636 }
1637 }
1639 /* If the packet is already defragmented, this MUST be an overlap.
1640 * The entire defragmented packet is in fd_head->data
1641 * Even if we have previously defragmented this packet, we still check
1642 * check it. Someone might play overlap and TTL games.
1643 */
1648 /* make sure it's not past the end */
1650 /* new fragment comes after the end */
1655 }
1656 /* make sure it doesn't conflict with previous data */
1662 }
1664 }
1666 /* new fragment overlaps existing fragment */
1668 /*
1669 * They have different lengths; this
1670 * is definitely a conflict.
1671 */
1676 }
1680 /*
1681 * They have the same length, but the
1682 * data isn't the same.
1683 */
1688 }
1689 /* it was just an overlap, link it and return */
1693 /*
1694 * New fragment doesn't overlap an existing
1695 * fragment - there was presumably a gap in
1696 * the sequence number space.
1697 *
1698 * XXX - what should we do here? Is it always
1699 * the case that there are no gaps, or are there
1700 * protcols using sequence numbers where there
1701 * can be gaps?
1702 *
1703 * If the former, the check below for having
1704 * received all the fragments should check for
1705 * holes in the sequence number space and for the
1706 * first sequence number being 0. If we do that,
1707 * the only way we can get here is if this fragment
1708 * is past the end of the sequence number space -
1709 * but the check for "fd->offset > fd_head->datalen"
1710 * would have caught that above, so it can't happen.
1711 *
1712 * If the latter, we don't have a good way of
1713 * knowing whether reassembly is complete if we
1714 * get packet out of order such that the "last"
1715 * fragment doesn't show up last - but, unless
1716 * in-order reliable delivery of fragments is
1717 * guaranteed, an implementation of the protocol
1718 * has no way of knowing whether reassembly is
1719 * complete, either.
1720 *
1721 * For now, we just link the fragment in and
1722 * return.
1723 */
1726 }
1727 }
1729 /* If we have reached this point, the packet is not defragmented yet.
1730 * Save all payload in a buffer until we can defragment.
1731 * XXX - what if we didn't capture the entire fragment due
1732 * to a too-short snapshot length?
1733 */
1734 /* check len, there may be a fragment with 0 len, that is actually the tail */
1737 }
1742 /* if we dont know the sequence number of the last fragment,
1743 * there are definitely still missing packets. Cheaper than
1744 * the check below.
1745 */
1747 }
1750 /* check if we have received the entire fragment
1751 * this is easy since the list is sorted and the head is faked.
1752 * common case the whole list is scanned.
1753 */
1757 max++;
1758 }
1759 }
1760 /* max will now be datalen+1 if all fragments have been seen */
1763 /* we have not received all packets yet */
1765 }
1769 /* oops, too long fragment detected */
1772 }
1775 /* we have received an entire packet, defragment it and
1776 * free all fragments
1777 */
1781 }
1783 /*
1784 * This function adds a new fragment to the fragment hash table.
1785 * If this is the first fragment seen for this datagram, a new entry
1786 * is created in the hash table, otherwise this fragment is just added
1787 * to the linked list of fragments for this packet.
1788 *
1789 * Returns a pointer to the head of the fragment data list if we have all the
1790 * fragments, NULL otherwise.
1791 *
1792 * This function assumes frag_number being a block sequence number.
1793 * The bsn for the first block is 0.
1794 */
1802 {
1804 gpointer orig_key;
1808 /* have we already seen this frame ?*/
1816 }
1817 }
1820 /* not found, this must be the first snooped fragment for this
1821 * packet. Create list-head.
1822 */
1827 /*
1828 * This is the last fragment for this packet, and
1829 * is the only one we've seen.
1830 *
1831 * Either we don't have sequence numbers, in which
1832 * case we assume this is the first fragment for
1833 * this packet, or we're doing special 802.11
1834 * processing, in which case we assume it's one
1835 * of those reassembled packets with a non-zero
1836 * fragment number (see packet-80211.c); just
1837 * return a pointer to the head of the list;
1838 * fragment_add_seq_check will then add it to the table
1839 * of reassembled packets.
1840 */
1845 }
1851 /*
1852 * If we weren't given an initial fragment number,
1853 * make it 0.
1854 */
1863 /*
1864 * If we weren't given an initial fragment number,
1865 * use the next expected fragment number as the fragment
1866 * number for this fragment.
1867 */
1871 }
1872 }
1873 }
1875 /*
1876 * XXX I've copied this over from the old separate
1877 * fragment_add_seq_check_work, but I'm not convinced it's doing the
1878 * right thing -- rav
1879 *
1880 * If we don't have all the data that is in this fragment,
1881 * then we can't, and don't, do reassembly on it.
1882 *
1883 * If it's the first frame, handle it as an unfragmented packet.
1884 * Otherwise, just handle it as a fragment.
1885 *
1886 * If "more_frags" isn't set, we get rid of the entry in the
1887 * hash table for this reassembly, as we don't need it any more.
1888 */
1894 }
1897 /*
1898 * Remove this from the table of in-progress
1899 * reassemblies, and free up any memory used for
1900 * it in that table.
1901 */
1904 }
1906 }
1907 }
1911 /*
1912 * Reassembly is complete.
1913 */
1916 /*
1917 * Reassembly isn't complete.
1918 */
1920 }
1921 }
1923 fragment_head *
1928 {
1932 }
1934 /*
1935 * This does the work for "fragment_add_seq_check()" and
1936 * "fragment_add_seq_next()".
1937 *
1938 * This function assumes frag_number being a block sequence number.
1939 * The bsn for the first block is 0.
1940 *
1941 * If "no_frag_number" is TRUE, it uses the next expected fragment number
1942 * as the fragment number if there is a reassembly in progress, otherwise
1943 * it uses 0.
1944 *
1945 * If "no_frag_number" is FALSE, it uses the "frag_number" argument as
1946 * the fragment number.
1947 *
1948 * If this is the first fragment seen for this datagram, a new
1949 * "fragment_head" structure is allocated to refer to the reassembled
1950 * packet.
1951 *
1952 * This fragment is added to the linked list of fragments for this packet.
1953 *
1954 * If "more_frags" is false and REASSEMBLE_FLAGS_802_11_HACK (as the name
1955 * implies, a special hack for 802.11) or REASSEMBLE_FLAGS_NO_FRAG_NUMBER
1956 * (implying messages must be in order since there's no sequence number) are
1957 * set in "flags", then this (one element) list is returned.
1958 *
1959 * If, after processing this fragment, we have all the fragments,
1960 * "fragment_add_seq_check_work()" removes that from the fragment hash
1961 * table if necessary and adds it to the table of reassembled fragments,
1962 * and returns a pointer to the head of the fragment list.
1963 *
1964 * Otherwise, it returns NULL.
1965 *
1966 * XXX - Should we simply return NULL for zero-length fragments?
1967 */
1975 {
1976 reassembled_key reass_key;
1978 gpointer orig_key;
1980 /*
1981 * Have we already seen this frame?
1982 * If so, look for it in the table of reassembled packets.
1983 */
1988 }
1992 more_frags,
1997 /* this is the first fragment of a datagram with
1998 * truncated fragments. Don't move it to the
1999 * reassembled table. */
2001 }
2003 /*
2004 * Reassembly is complete.
2005 *
2006 * If this is in the table of in-progress reassemblies,
2007 * remove it from that table. (It could be that this
2008 * was the first and last fragment, so that no
2009 * reassembly was done.)
2010 */
2014 /*
2015 * Add this item to the table of reassembled packets.
2016 */
2020 /*
2021 * Reassembly isn't complete.
2022 */
2024 }
2025 }
2027 fragment_head *
2033 {
2037 }
2039 fragment_head *
2045 {
2048 more_frags,
2049 REASSEMBLE_FLAGS_802_11_HACK);
2050 }
2052 fragment_head *
2057 {
2060 REASSEMBLE_FLAGS_NO_FRAG_NUMBER);
2061 }
2063 void
2067 {
2070 /* Have we already seen this frame ?*/
2073 }
2075 /* Check if fragment data exists */
2079 /* Create list-head. */
2092 }
2093 }
2095 fragment_head *
2098 {
2099 reassembled_key reass_key;
2102 gpointer orig_key;
2104 /*
2105 * Have we already seen this frame?
2106 * If so, look for it in the table of reassembled packets.
2107 */
2112 }
2118 /* No data added */
2120 }
2127 /*
2128 * Remove this from the table of in-progress reassemblies,
2129 * and free up any memory used for it in that table.
2130 */
2133 /*
2134 * Add this item to the table of reassembled packets.
2135 */
2142 }
2146 /*
2147 * Fragment data not found.
2148 */
2150 }
2151 }
2153 /*
2154 * Process reassembled data; if we're on the frame in which the data
2155 * was reassembled, put the fragment information into the protocol
2156 * tree, and construct a tvbuff with the reassembled data, otherwise
2157 * just put a "reassembled in" item into the protocol tree.
2158 */
2159 tvbuff_t *
2163 {
2165 gboolean update_col_info;
2169 /*
2170 * OK, we've reassembled this.
2171 * Is this something that's been reassembled from more
2172 * than one fragment?
2173 */
2175 /*
2176 * Yes.
2177 * Allocate a new tvbuff, referring to the
2178 * reassembled payload, and set
2179 * the tvbuff to the list of tvbuffs to which
2180 * the tvbuff we were handed refers, so it'll get
2181 * cleaned up when that tvbuff is cleaned up.
2182 */
2185 /* Add the defragmented data to the data source list. */
2188 /* show all fragments */
2195 }
2197 /*
2198 * No.
2199 * Return a tvbuff with the payload.
2200 */
2204 }
2208 /*
2209 * We don't have the complete reassembled payload, or this
2210 * isn't the final frame of that payload.
2211 */
2214 /*
2215 * If we know what frame this was reassembled in,
2216 * and if there's a field to use for the number of
2217 * the frame in which the packet was reassembled,
2218 * add it to the protocol tree.
2219 */
2224 }
2225 }
2227 }
2229 /*
2230 * Show a single fragment in a fragment subtree, and put information about
2231 * it in the top-level item for that subtree.
2232 */
2233 static void
2237 {
2247 }
2253 }
2261 }
2274 offset,
2278 }
2283 /* this fragment has some flags set, create a subtree
2284 * for it and display the flags.
2285 */
2293 TRUE);
2295 }
2300 TRUE);
2302 }
2307 TRUE);
2309 }
2314 TRUE);
2316 }
2317 }
2318 }
2320 static gboolean
2323 {
2328 }
2331 }
2333 /* This function will build the fragment subtree; it's for fragments
2334 reassembled with "fragment_add()".
2336 It will return TRUE if there were fragmentation errors
2337 or FALSE if fragmentation was ok.
2338 */
2339 gboolean
2342 {
2345 gboolean first_frag;
2347 /* It's not fragmented. */
2356 count++;
2357 }
2361 }
2367 }
2373 }
2379 }
2382 }
2384 /* This function will build the fragment subtree; it's for fragments
2385 reassembled with "fragment_add_seq()" or "fragment_add_seq_check()".
2387 It will return TRUE if there were fragmentation errors
2388 or FALSE if fragmentation was ok.
2389 */
2390 gboolean
2393 {
2397 gboolean first_frag;
2399 /* It's not fragmented. */
2411 count++;
2412 }
2417 }
2421 }
2427 }
2433 }
2439 }
2442 }
2444 /*
2445 * Editor modelines - http://www.wireshark.org/tools/modelines.html
2446 *
2447 * Local variables:
2448 * c-basic-offset: 8
2449 * tab-width: 8
2450 * indent-tabs-mode: t
2451 * End:
2452 *
2453 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
2454 * :indentSize=8:tabSize=8:noTabs=false:
2455 */