Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: fragment reassembly

From: John Thacker <johnthacker () gmail com>
Date: Thu, 7 Jul 2016 18:36:24 -0400
On Fri, Jun 24, 2016 at 4:54 PM, Guy Harris <guy () alum mit edu> wrote:


On Jun 24, 2016, at 1:14 PM, John Thacker <johnthacker () gmail com> wrote:


I am implementing fragment reassembly of PPP Multilink (RFC 1990) and

also implementing multiclass extension (RFC 2686). (
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12548
https://code.wireshark.org/review/#/c/16044/)

The protocol is unlike other protocols that do reassembly. Most

protocols contain a sequence number that corresponds to the reassembled
PDU, plus generally fragment numbers that indicate the position of the
fragment within the reassembly and a flag that indicates when there are no
more fragments expected. (There are some exceptions without fragment
numbers; those have to assume that fragments are received in order and use
fragment_add_seq_next().)


PPP Multilink only has a single sequence number, plus flags that

indicate whether something is the first or last (or both or neither)
fragment of a PDU. There's no indicate of what the fragment number is
within the sequence, other than "First" or "not first."

I.e., it's more like TCP, where the sequence number is a sequence number
within a "connection".

I seem to remember that there are some other protocols that work that
way.  There should probably be an additional set of reassembly APIs to
handle that case.



Yes, I found a big list of protocols in Appendix A of RFC 4623 (PWE3
Fragmentation and Reassembly) that work this way, in addition to PPP MP.
PWE3 MPLS (RFC 4385), L2TPv2 (RFC 2661), L2TPv3 (RFC 3931), ATM, and Frame
Relay are all claimed to use this style of fragmentation. It looks like,
just as with PPP MP, Wireshark reads the flags and sequence number but
doesn't attempt reassembly.

I submitted a new changeset taking a an approach of adding reassembly APIs.
It's fairly large, so I've been testing for a while on various corner cases
(missing packets, strange order of arrival, etc.)

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: