I published an example of one way of doing this on my rgov/wireshark-udp-reassembly repository. I'm thinking about writing a blog post; if so I'll post a link here.
In brief, there is a `fragments` table that forms a linked list of incomplete fragments. When a packet comes in, we reassemble the previous, incomplete PDU fragments into a buffer, and attempt to parse out a complete PDU.
I tried to implement it such that there's only one function, `read_complete_pdu()`, which needs to be reimplemented for other protocols.
Note that this does not use the built-in "desegmentation service" by setting `pinfo.desegment_len`, etc. For one, this is not well documented. Secondly, my reassembly algorithm does not require that you know the length of the complete PDU ahead of time.