Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: UDP desegmentation - how to?

From: Guy Harris <guy () alum mit edu>
Date: Wed, 22 Dec 2010 11:01:08 -0800

On Dec 22, 2010, at 12:58 AM, Kaul wrote:


Can I use something like tcp_dissect_pdus() for UDP packets? Specifically, Kerberos over UDP - I think we can get the 
PDU length from the packet and get a complete PDU.


tcp_dissect_pdus() handles the particular case of protocols running atop a byte-stream protocol, where the lower-level 
protocol has no packet boundaries, and the upper-level protocol has to impose packet boundaries atop that.  Reassembly 
of higher-level packets requires the higher-level protocol to indicate when packets begin and end, and requires the 
lower-level protocol to reassemble parts of segments as dictated by the higher-level protocol.  tcp_dissect_pdus() is 
for use by the higher-level protocol to do its part of the job in cases where, for example, each higher-level packet 
begins with a packet-length field.  (I think we 

UDP is a packet-based, not byte-stream-based, protocol, as is IP.  If the fragmentation in question is IP 
fragmentation, reassembly is done by the IP dissector; it needs no help from upper-layer protocols to do that.  If the 
fragmentation in question is done at the layer of the protocol running atop UDP, so that a higher-level packet is 
reassembled from multiple independent UDP datagrams, rather than the higher-level packet being a single UDP packet 
reassembled from multiple IP fragments, then that protocol needs not only to provide a length, it also needs to provide 
sequence numbers, as UDP provides no guarantees of delivery, much less guarantees of in-order delivery.

So:

        as Sake noted, if the fragmentation is done at the Kerberos layer, Kerberos must put more than a PDU length 
into the packet to make it work, e.g. it must include a sequence number;

        as Ronnie noted, if the fragmentation is done at the IP layer, the work is already being done for you - you 
just need to enable reassembly of fragmented IP datagrams in the IPv4 and IPv6 dissector preferences, if it's not 
already enabled.

I suspect it's done at the IP layer.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: