Ask Your Question

Revision history [back]

To reassamble a certain portion of UDP fragments you must declare init() function. This init function is initialized when wireshark starts up. For example:

function NDN_protocol.init()
    fragmPkts = {}  -- global array table will hold the fragmts from different fragmntsPkts.
end

Then write a function that allows you to append fragments to the table array. Which you can use later to concatenate to make a tvb buffer.

function ASSEMBLE_FRAGMENTS(fragBuff, packetKey, fragIndexVal, fragCountVal)
    local fragDataTvb = nil
    fragIndexVal = tonumber(tostring(fragIndexVa),16) 
    fragCountVal =  tonumber(tostring(fragCountVal ),16)

    if fragmPkts[packetKey] == nil then
        fragmPkts[packetKey] = {}     -- create a new row per packet set
    else
        fragmPkts[packetKey][fragIndexVal] = fragBuff:bytes()   -- add to fragment to table

        local pkt_received = 0    -- must count actual pkts received
        for i, v in pairs(fragmPkts[packetKey]) do
            pkt_received = pkt_received + 1
        end

        if (pkt_received == fragCountVal and fragIndexVal == fragCountVal-1) then 
            fragDataTvb = ByteArray.new()

            TABLE_SORT(fragmPkts[packetKey])  -- function to sort out of order Fragpkts.

            for i = 0, fragCountVal-1 do
                fragDataTvb:append(fragmPkts[packetKey][i])
            end
            fragDataTvb= ByteArray.tvb(fragDataTvb, "Reassembled Fragment")
        end
    end
    return  fragDataTvb   --returns a reassembled fragment buffer
end

Follow additional example posted at this url : https://osqa-ask.wireshark.org/questions/55621/lua-udp-reassembly/

To reassamble a certain portion of UDP fragments you must declare init() function. This init function is initialized when wireshark starts up. For example:

function NDN_protocol.init()
    fragmPkts = {}  -- global array table will hold the fragmts from different fragmntsPkts.
end

Then write a function that allows you to append fragments to the table array. Which you can use later to concatenate to make a tvb buffer.

function ASSEMBLE_FRAGMENTS(fragBuff, packetKey, fragIndexVal, fragCountVal)
    local fragDataTvb = nil
    fragIndexVal = tonumber(tostring(fragIndexVa),16) 
    fragCountVal =  tonumber(tostring(fragCountVal ),16)

    if fragmPkts[packetKey] == nil then
        fragmPkts[packetKey] = {}     -- create a new row per packet set
    else
        fragmPkts[packetKey][fragIndexVal] = fragBuff:bytes()   -- add to fragment to table

        local pkt_received = 0    -- must count actual pkts received
        for i, v in pairs(fragmPkts[packetKey]) do
            pkt_received = pkt_received + 1
        end

         -- fragIndex starts from zero                          
        if (pkt_received == fragCountVal and fragIndexVal == fragCountVal-1) then 
            fragDataTvb = ByteArray.new()

            TABLE_SORT(fragmPkts[packetKey])  -- function to sort out of order Fragpkts.

            for i = 0, fragCountVal-1 do
                fragDataTvb:append(fragmPkts[packetKey][i])
            end
            fragDataTvb= ByteArray.tvb(fragDataTvb, "Reassembled Fragment")
        end
    end
    return  fragDataTvb   --returns a reassembled fragment buffer
end

Follow additional example posted at this url : https://osqa-ask.wireshark.org/questions/55621/lua-udp-reassembly/