diff options
Diffstat (limited to 'epan/reassemble.h')
-rw-r--r-- | epan/reassemble.h | 1166 |
1 files changed, 1166 insertions, 0 deletions
diff --git a/epan/reassemble.h b/epan/reassemble.h new file mode 100644 index 00000000..0b294d59 --- /dev/null +++ b/epan/reassemble.h @@ -0,0 +1,1166 @@ +/** @file + * Declarations of routines for {fragment,segment} reassembly + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +/* make sure that all flags that are set in a fragment entry is also set for + * the flags field of fd_head !!! + */ + +#ifndef REASSEMBLE_H +#define REASSEMBLE_H + +#include "ws_symbol_export.h" + +/* only in fd_head: packet is defragmented */ +#define FD_DEFRAGMENTED 0x0001 + +/* there are overlapping fragments */ +#define FD_OVERLAP 0x0002 + +/* overlapping fragments contain different data */ +#define FD_OVERLAPCONFLICT 0x0004 + +/* more than one fragment which indicates end-of data */ +#define FD_MULTIPLETAILS 0x0008 + +/* fragment starts before the end of the datagram but extends + past the end of the datagram */ +#define FD_TOOLONGFRAGMENT 0x0010 + +/* fragment tvb is subset, don't tvb_free() it */ +#define FD_SUBSET_TVB 0x0020 + +/* this flag is used to request fragment_add to continue the reassembly process */ +#define FD_PARTIAL_REASSEMBLY 0x0040 + +/* fragment offset is indicated by sequence number and not byte offset + into the defragmented packet */ +#define FD_BLOCKSEQUENCE 0x0100 + +/* This flag is set in (only) fd_head to denote that datalen has been set to a valid value. + * It's implied by FD_DEFRAGMENTED (we must know the total length of the + * datagram if we have defragmented it...) + */ +#define FD_DATALEN_SET 0x0400 + +typedef struct _fragment_item { + struct _fragment_item *next; + guint32 frame; /**< frame number where the fragment is from */ + guint32 offset; /**< fragment number for FD_BLOCKSEQUENCE, byte + * offset otherwise */ + guint32 len; /**< fragment length */ + guint32 flags; /**< XXX - do some of these apply only to reassembly + * heads and others only to fragments within + * a reassembly? */ + tvbuff_t *tvb_data; +} fragment_item; + +typedef struct _fragment_head { + struct _fragment_item *next; + struct _fragment_item *first_gap; /**< pointer to last fragment before first gap. + * NULL if there is no fragment starting at offset 0 */ + guint ref_count; /**< reference count in reassembled_table */ + guint32 contiguous_len; /**< contigous length from head up to first gap */ + guint32 frame; /**< maximum of all frame numbers added to reassembly */ + guint32 len; /**< When flags&FD_BLOCKSEQUENCE and FD_DEFRAGMENTED + * are set, the number of bytes of the full datagram. + * Otherwise not valid. */ + guint32 fragment_nr_offset; /**< offset for frame numbering, for sequences, where the + * provided fragment number of the first fragment does + * not start with 0 */ + guint32 datalen; /**< When flags&FD_BLOCKSEQUENCE is set, the + * index of the last block (segments in + * datagram + 1); otherwise the number of + * bytes of the full datagram. Only valid in + * the first item of the fragments list when + * flags&FD_DATALEN is set.*/ + guint32 reassembled_in; /**< frame where this PDU was reassembled, + * only valid when FD_DEFRAGMENTED is set */ + guint8 reas_in_layer_num; /**< The current "depth" or layer number in the current + * frame where reassembly was completed. + * Example: in SCTP there can be several data chunks and + * we want the reassemblied tvb for the final segment only. */ + guint32 flags; /**< XXX - do some of these apply only to reassembly + * heads and others only to fragments within + * a reassembly? */ + tvbuff_t *tvb_data; + /** + * Null if the reassembly had no error; non-null if it had + * an error, in which case it's the string for the error. + */ + const char *error; +} fragment_head; + +/* + * Flags for fragment_add_seq_* + */ + +/* we don't have any sequence numbers - fragments are assumed to appear in + * order */ +#define REASSEMBLE_FLAGS_NO_FRAG_NUMBER 0x0001 + +/* a special fudge for the 802.11 dissector */ +#define REASSEMBLE_FLAGS_802_11_HACK 0x0002 + +/* + * Flags for fragment_add_seq_single_* + */ + +/* we want to age off old packets */ +#define REASSEMBLE_FLAGS_AGING 0x0001 + +/* + * Generates a fragment identifier based on the given parameters. "data" is an + * opaque type whose interpretation is up to the caller of fragment_add* + * functions and the fragment key function (possibly NULL if you do not care). + * + * Keys returned by this function are only used within this packet scope. + */ +typedef gpointer (*fragment_temporary_key)(const packet_info *pinfo, + const guint32 id, const void *data); + +/* + * Like fragment_temporary_key, but used for identifying reassembled fragments + * which may persist through multiple packets. + */ +typedef gpointer (*fragment_persistent_key)(const packet_info *pinfo, + const guint32 id, const void *data); + +/* + * Data structure to keep track of fragments and reassemblies. + */ +typedef struct { + GHashTable *fragment_table; + GHashTable *reassembled_table; + fragment_temporary_key temporary_key_func; + fragment_persistent_key persistent_key_func; + GDestroyNotify free_temporary_key_func; /* temporary key destruction function */ +} reassembly_table; + +/* + * Table of functions for a reassembly table. + */ +typedef struct { + /* Functions for fragment table */ + GHashFunc hash_func; /* hash function */ + GEqualFunc equal_func; /* comparison function */ + fragment_temporary_key temporary_key_func; /* temporary key creation function */ + fragment_persistent_key persistent_key_func; /* persistent key creation function */ + GDestroyNotify free_temporary_key_func; /* temporary key destruction function */ + GDestroyNotify free_persistent_key_func; /* persistent key destruction function */ +} reassembly_table_functions; + +/* + * Tables of functions exported for the benefit of dissectors that + * don't need special items in their keys. + */ +WS_DLL_PUBLIC const reassembly_table_functions + addresses_reassembly_table_functions; /* keys have endpoint addresses and an ID */ +WS_DLL_PUBLIC const reassembly_table_functions + addresses_ports_reassembly_table_functions; /* keys have endpoint addresses and ports and an ID */ + +/* + * Register a reassembly table. By registering the table with epan, the creation and + * destruction of the table can be managed by epan and not the dissector. + */ +WS_DLL_PUBLIC void +reassembly_table_register(reassembly_table *table, + const reassembly_table_functions *funcs); + +/* + * Initialize/destroy a reassembly table. + * + * init: If table doesn't exist: create table; + * else: just remove any entries; + * destroy: remove entries and destroy table; + */ +WS_DLL_PUBLIC void +reassembly_table_init(reassembly_table *table, + const reassembly_table_functions *funcs); +WS_DLL_PUBLIC void +reassembly_table_destroy(reassembly_table *table); + +/* + * This function adds a new fragment to the reassembly table + * If this is the first fragment seen for this datagram, a new entry + * is created in the table, otherwise this fragment is just added + * to the linked list of fragments for this packet. + * The list of fragments for a specific datagram is kept sorted for + * easier handling. + * + * Datagrams (messages) are identified by a key generated by + * fragment_temporary_key or fragment_persistent_key, based on the "pinfo", "id" + * and "data" pairs. (This is the sole purpose of "data".) + * + * Fragments are identified by "frag_offset". + * + * Returns a pointer to the head of the fragment data list if we have all the + * fragments, NULL otherwise. Note that the reassembled fragments list may have + * a non-zero fragment offset, the only guarantee is that no gaps exist within + * the list. + * + * @note Reused keys are assumed to refer to the same reassembled message + * (i.e., retransmission). If the same "id" is used more than once on a + * connection, then "data" and custom reassembly_table_functions should be + * used so that the keys hash differently. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add(reassembly_table *table, tvbuff_t *tvb, const int offset, + const packet_info *pinfo, const guint32 id, const void *data, + const guint32 frag_offset, const guint32 frag_data_len, + const gboolean more_frags); +/* + * Like fragment_add, except that the fragment may be added to multiple + * reassembly tables. This is needed when multiple protocol layers try + * to add the same packet to the reassembly table. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_multiple_ok(reassembly_table *table, tvbuff_t *tvb, + const int offset, const packet_info *pinfo, + const guint32 id, const void *data, + const guint32 frag_offset, + const guint32 frag_data_len, + const gboolean more_frags); + +/* + * Like fragment_add, except that the fragment may originate from a frame + * other than pinfo->num. For use when you are adding an out of order segment + * that arrived in an earlier frame, so that show_fragment_tree will display + * the correct fragment numbers. + * + * This is for protocols like TCP, where the correct reassembly to add a + * segment to cannot be determined without processing previous segments + * in sequence order, including handing them to subdissectors. + * + * Note that pinfo is still used to set reassembled_in if we have all the + * fragments, so that results on subsequent passes can be the same as the + * first pass. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_out_of_order(reassembly_table *table, tvbuff_t *tvb, + const int offset, const packet_info *pinfo, + const guint32 id, const void *data, + const guint32 frag_offset, + const guint32 frag_data_len, + const gboolean more_frags, const guint32 frag_frame); +/* + * Like fragment_add, but maintains a table for completed reassemblies. + * + * If the packet was seen before, return the head of the fully reassembled + * fragments list (NULL if there was none). + * + * Otherwise (if reassembly was not possible before), try to add the new + * fragment to the fragments table. If reassembly is now possible, remove all + * (reassembled) fragments from the fragments table and store it as a completed + * reassembly. The head of this reassembled fragments list is returned. + * + * Otherwise (if reassembly is still not possible after adding this fragment), + * return NULL. + * + * @note Completed reassemblies are removed from the in-progress table, so + * key can be reused to begin a new reassembled message. Conversely, + * dissectors SHOULD NOT call this with a retransmitted fragment of a + * completed reassembly. Dissectors atop a reliable protocol like TCP + * may assume that the lower layer dissector handles retransmission, + * but other dissectors (e.g., atop UDP or Ethernet) will have to handle + * that situation themselves. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_check(reassembly_table *table, tvbuff_t *tvb, const int offset, + const packet_info *pinfo, const guint32 id, + const void *data, const guint32 frag_offset, + const guint32 frag_data_len, const gboolean more_frags); + +/* + * Like fragment_add_check, but handles retransmissions after reassembly. + * + * Start new reassembly only if there is no reassembly in progress and there + * is no completed reassembly reachable from fallback_frame. If there is + * completed reassembly (reachable from fallback_frame), simply links this + * packet into the list, updating the flags if necessary (however actual data + * and reassembled in frame won't be modified). + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_check_with_fallback(reassembly_table *table, tvbuff_t *tvb, const int offset, + const packet_info *pinfo, const guint32 id, + const void *data, const guint32 frag_offset, + const guint32 frag_data_len, const gboolean more_frags, + const guint32 fallback_frame); + +/* + * Like fragment_add, but fragments have a block sequence number starting from + * zero (for the first fragment of each datagram). This differs from + * fragment_add for which the fragment may start at any offset. + * + * If this is the first fragment seen for this datagram, a new + * "fragment_head" structure is allocated to refer to the reassembled + * packet, and: + * + * if "more_frags" is false, and either we have no sequence numbers, or + * are using the 802.11 hack (via fragment_add_seq_802_11), it is assumed that + * this is the only fragment in the datagram. The structure is not added to the + * hash table, and not given any fragments to refer to, but is just returned. + * + * In this latter case reassembly wasn't done (since there was only one + * fragment in the packet); dissectors can check the 'next' pointer on the + * returned list to see if this case was hit or not. + * + * Otherwise, this fragment is just added to the linked list of fragments + * for this packet; the fragment_item is also added to the fragment hash if + * necessary. + * + * If this packet completes assembly, these functions return the head of the + * fragment data; otherwise, they return null. + * + * @note Reused keys are assumed to refer to the same reassembled message + * (i.e., retransmission). If the same "id" is used more than once on a + * connection, then "data" and custom reassembly_table_functions should be + * used so that the keys hash differently. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_seq(reassembly_table *table, tvbuff_t *tvb, const int offset, + const packet_info *pinfo, const guint32 id, const void *data, + const guint32 frag_number, const guint32 frag_data_len, + const gboolean more_frags, const guint32 flags); + +/* + * Like fragment_add_seq, but maintains a table for completed reassemblies + * just like fragment_add_check. + * + * @note Completed reassemblies are removed from the in-progress table, so + * key can be reused to begin a new reassembled message. Conversely, + * dissectors SHOULD NOT call this with a retransmitted fragment of a + * completed reassembly. Dissectors atop a reliable protocol like TCP + * may assume that the lower layer dissector handles retransmission, + * but other dissectors (e.g., atop UDP or Ethernet) will have to handle + * that situation themselves. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_seq_check(reassembly_table *table, tvbuff_t *tvb, const int offset, + const packet_info *pinfo, const guint32 id, + const void *data, + const guint32 frag_number, const guint32 frag_data_len, + const gboolean more_frags); + +/* + * Like fragment_add_seq_check, but immediately returns a fragment list for a + * new fragment. This is a workaround specific for the 802.11 dissector, do not + * use it elsewhere. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_seq_802_11(reassembly_table *table, tvbuff_t *tvb, + const int offset, const packet_info *pinfo, + const guint32 id, const void *data, + const guint32 frag_number, const guint32 frag_data_len, + const gboolean more_frags); + +/* + * Like fragment_add_seq_check, but without explicit fragment number. Fragments + * are simply appended until no "more_frags" is false. + * + * @note Out of order fragments will not be reassembled correctly. + * Dissectors atop a reliable protocol like TCP may rely on the lower + * level dissector reordering out or order segments (if the appropraite + * out of order reassembly preference is enabled), but other dissectors + * will have to handle out of order fragments themselves, if possible. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_seq_next(reassembly_table *table, tvbuff_t *tvb, const int offset, + const packet_info *pinfo, const guint32 id, + const void *data, const guint32 frag_data_len, + const gboolean more_frags); + +/* + * Like fragment_add_seq_check, but for protocols like PPP MP with a single + * sequence number that increments for each fragment, thus acting like the sum + * of the PDU sequence number and explicit fragment number in other protocols. + * See Appendix A of RFC 4623 (PWE3 Fragmentation and Reassembly) for a list + * of protocols that use this style, including PPP MP (RFC 1990), PWE3 MPLS + * (RFC 4385), L2TPv2 (RFC 2661), L2TPv3 (RFC 3931), ATM, and Frame Relay. + * It is guaranteed to reassemble a packet split up to "max_frags" in size, + * but may manage to reassemble more in certain cases. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_seq_single(reassembly_table *table, tvbuff_t *tvb, + const int offset, const packet_info *pinfo, const guint32 id, + const void* data, const guint32 frag_data_len, + const gboolean first, const gboolean last, + const guint32 max_frags); + +/* + * A variation on the above that ages off fragments that have not been + * reassembled. Useful if the sequence number loops to deal with leftover + * fragments from the beginning of the capture or missing fragments. + */ +WS_DLL_PUBLIC fragment_head * +fragment_add_seq_single_aging(reassembly_table *table, tvbuff_t *tvb, + const int offset, const packet_info *pinfo, const guint32 id, + const void* data, const guint32 frag_data_len, + const gboolean first, const gboolean last, + const guint32 max_frags, const guint32 max_age); + +/* + * Start a reassembly, expecting "tot_len" as the number of given fragments (not + * the number of bytes). Data can be added later using fragment_add_seq_check. + */ +WS_DLL_PUBLIC void +fragment_start_seq_check(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data, + const guint32 tot_len); + +/* + * Mark end of reassembly and returns the reassembled fragment (if completed). + * Use it when fragments were added with "more_flags" set while you discovered + * that no more fragments have to be added. + * This is for fragments added with add_seq_next; it doesn't check for gaps, + * and doesn't set datalen correctly for the fragment_add family. + */ +WS_DLL_PUBLIC fragment_head * +fragment_end_seq_next(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data); + +/* To specify the offset for the fragment numbering, the first fragment is added with 0, and + * afterwards this offset is set. All additional calls to off_seq_check will calculate + * the number in sequence in regards to the offset */ +WS_DLL_PUBLIC void +fragment_add_seq_offset(reassembly_table *table, const packet_info *pinfo, const guint32 id, + const void *data, const guint32 fragment_offset); + +/* + * Sets the expected index for the last block (for fragment_add_seq functions) + * or the expected number of bytes (for fragment_add functions). A reassembly + * must already have started. + * + * Note that for FD_BLOCKSEQUENCE tot_len is the index for the tail fragment. + * i.e. since the block numbers start at 0, if we specify tot_len==2, that + * actually means we want to defragment 3 blocks, block 0, 1 and 2. + */ +WS_DLL_PUBLIC void +fragment_set_tot_len(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data, const guint32 tot_len); + +/* + * Similar to fragment_set_tot_len, it sets the expected number of bytes (for + * fragment_add functions) for a previously started reassembly. If the specified + * length already matches the reassembled length, then nothing will be done. + * + * If the fragments were previously reassembled, then this state will be + * cleared, allowing new fragments to extend the reassembled result again. + */ +void +fragment_reset_tot_len(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data, const guint32 tot_len); + +/* + * Truncates the size of an already defragmented reassembly to tot_len, + * discarding past that point, including splitting any fragments in the + * middle as necessary. The specified length must be less than or equal + * to the reassembled length. (If it already matches the reassembled length, + * then nothing will be done.) + * + * Used for continuous streams like TCP, where the length of a segment cannot + * be determined without first reassembling and handing to a subdissector. + */ +void +fragment_truncate(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data, const guint32 tot_len); + +/* + * Return the expected index for the last block (for fragment_add_seq functions) + * or the expected number of bytes (for fragment_add functions). + */ +WS_DLL_PUBLIC guint32 +fragment_get_tot_len(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data); + +/* + * This function will set the partial reassembly flag(FD_PARTIAL_REASSEMBLY) for a fh. + * When this function is called, the fh MUST already exist, i.e. + * the fh MUST be created by the initial call to fragment_add() before + * this function is called. Also note that this function MUST be called to indicate + * a fh will be extended (increase the already stored data). After calling this function, + * and if FD_DEFRAGMENTED is set, the reassembly process will be continued. + */ +WS_DLL_PUBLIC void +fragment_set_partial_reassembly(reassembly_table *table, + const packet_info *pinfo, const guint32 id, + const void *data); + +/* This function is used to check if there is partial or completed reassembly state + * matching this packet. I.e. Are there reassembly going on or not for this packet? + */ +WS_DLL_PUBLIC fragment_head * +fragment_get(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data); + +/* The same for the reassemble table */ +WS_DLL_PUBLIC fragment_head * +fragment_get_reassembled_id(reassembly_table *table, const packet_info *pinfo, + const guint32 id); + +/* This will free up all resources and delete reassembly state for this PDU. + * Except if the PDU is completely reassembled, then it would NOT deallocate the + * buffer holding the reassembled data but instead return the TVB + * + * So, if you call fragment_delete and it returns non-NULL, YOU are responsible to + * tvb_free() . + */ +WS_DLL_PUBLIC tvbuff_t * +fragment_delete(reassembly_table *table, const packet_info *pinfo, + const guint32 id, const void *data); + +/* This struct holds references to all the tree and field handles used when + * displaying the reassembled fragment tree in the packet details view. A + * dissector will populate this structure with its own tree and field handles + * and then invoke show_fragment_tree to have those items added to the packet + * details tree. + */ +typedef struct _fragment_items { + gint *ett_fragment; + gint *ett_fragments; + + int *hf_fragments; /* FT_NONE */ + int *hf_fragment; /* FT_FRAMENUM */ + int *hf_fragment_overlap; /* FT_BOOLEAN */ + int *hf_fragment_overlap_conflict; /* FT_BOOLEAN */ + int *hf_fragment_multiple_tails; /* FT_BOOLEAN */ + int *hf_fragment_too_long_fragment; /* FT_BOOLEAN */ + int *hf_fragment_error; /* FT_FRAMENUM */ + int *hf_fragment_count; /* FT_UINT32 */ + int *hf_reassembled_in; /* FT_FRAMENUM */ + int *hf_reassembled_length; /* FT_UINT32 */ + int *hf_reassembled_data; /* FT_BYTES */ + + const char *tag; +} fragment_items; + +WS_DLL_PUBLIC tvbuff_t * +process_reassembled_data(tvbuff_t *tvb, const int offset, packet_info *pinfo, + const char *name, fragment_head *fd_head, const fragment_items *fit, + gboolean *update_col_infop, proto_tree *tree); + +WS_DLL_PUBLIC gboolean +show_fragment_tree(fragment_head *ipfd_head, const fragment_items *fit, + proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi); + +WS_DLL_PUBLIC gboolean +show_fragment_seq_tree(fragment_head *ipfd_head, const fragment_items *fit, + proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, proto_item **fi); + +/* Initialize internal structures + */ +extern void reassembly_tables_init(void); + +/* Cleanup internal structures + */ +extern void +reassembly_table_cleanup(void); + +/* ===================== Streaming data reassembly helper ===================== */ +/** + * Macro to help to define ett or hf items variables for reassembly (especially for streaming reassembly). + * The statement: + * + * REASSEMBLE_ITEMS_DEFINE(foo_body, "Foo Body"); // in global scope + * + * will create global variables: + * + * static gint ett_foo_body_fragment = -1; + * static gint ett_foo_body_fragments = -1; + * static int hf_foo_body_fragment = -1; + * static int hf_foo_body_fragments = -1; + * static int hf_foo_body_fragment_overlap = -1; + * ... + * static int hf_foo_body_segment = -1; + * + * static const fragment_items foo_body_fragment_items = { + * &ett_foo_body_fragment, + * &ett_foo_body_fragments, + * &hf_foo_body_fragments, + * &hf_foo_body_fragment, + * &hf_foo_body_fragment_overlap, + * ... + * "Foo Body fragments" + * }; + */ +#define REASSEMBLE_ITEMS_DEFINE(var_prefix, name_prefix) \ + static gint ett_##var_prefix##_fragment = -1; \ + static gint ett_##var_prefix##_fragments = -1; \ + static int hf_##var_prefix##_fragments = -1; \ + static int hf_##var_prefix##_fragment = -1; \ + static int hf_##var_prefix##_fragment_overlap = -1; \ + static int hf_##var_prefix##_fragment_overlap_conflicts = -1; \ + static int hf_##var_prefix##_fragment_multiple_tails = -1; \ + static int hf_##var_prefix##_fragment_too_long_fragment = -1; \ + static int hf_##var_prefix##_fragment_error = -1; \ + static int hf_##var_prefix##_fragment_count = -1; \ + static int hf_##var_prefix##_reassembled_in = -1; \ + static int hf_##var_prefix##_reassembled_length = -1; \ + static int hf_##var_prefix##_reassembled_data = -1; \ + static int hf_##var_prefix##_segment = -1; \ + static const fragment_items var_prefix##_fragment_items = { \ + &ett_##var_prefix##_fragment, \ + &ett_##var_prefix##_fragments, \ + &hf_##var_prefix##_fragments, \ + &hf_##var_prefix##_fragment, \ + &hf_##var_prefix##_fragment_overlap, \ + &hf_##var_prefix##_fragment_overlap_conflicts, \ + &hf_##var_prefix##_fragment_multiple_tails, \ + &hf_##var_prefix##_fragment_too_long_fragment, \ + &hf_##var_prefix##_fragment_error, \ + &hf_##var_prefix##_fragment_count, \ + &hf_##var_prefix##_reassembled_in, \ + &hf_##var_prefix##_reassembled_length, \ + &hf_##var_prefix##_reassembled_data, \ + name_prefix " fragments" \ + } + +/** + * Macro to help to initialize hf (head field) items for reassembly. + * The statement: + * + * void proto_register_foo(void) { + * static hf_register_info hf[] = { + * ... + * { &hf_proto_foo_payload, + * { "Payload", "foo.payload", + * FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } + * }, + * + * // Add fragments items + * REASSEMBLE_INIT_HF_ITEMS(foo_body, "Foo Body", "foo.body"), + * ... + * }; + * ... + * } + * + * will expand like: + * + * void proto_register_foo(void) { + * static hf_register_info hf[] = { + * ... + * { &hf_proto_foo_payload, + * { "Payload", "foo.payload", + * FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } + * }, + * + * // Add fragments items + * { &hf_foo_body_fragments, \ + * { "Reassembled Foo Body fragments", "foo.body.fragments", \ + * FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + * }, + * { &hf_foo_body_fragment, \ + * { "Foo Body fragment", "foo.body.fragment", \ + * FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + * }, + * { &hf_foo_body_fragment_overlap, \ + * { "Foo Body fragment overlap", "foo.body.fragment.overlap", \ + * FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + * }, + * ... + * }; + * ... + * } + */ +#define REASSEMBLE_INIT_HF_ITEMS(var_prefix, name_prefix, abbrev_prefix) \ + { &hf_##var_prefix##_fragments, \ + { "Reassembled " name_prefix " fragments", abbrev_prefix ".fragments", \ + FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_fragment, \ + { name_prefix " fragment", abbrev_prefix ".fragment", \ + FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_fragment_overlap, \ + { name_prefix " fragment overlap", abbrev_prefix ".fragment.overlap", \ + FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_fragment_overlap_conflicts, \ + { name_prefix " fragment overlapping with conflicting data", abbrev_prefix ".fragment.overlap.conflicts", \ + FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_fragment_multiple_tails, \ + { name_prefix " has multiple tail fragments", abbrev_prefix ".fragment.multiple_tails", \ + FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_fragment_too_long_fragment, \ + { name_prefix " fragment too long", abbrev_prefix ".fragment.too_long_fragment", \ + FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_fragment_error, \ + { name_prefix " defragment error", abbrev_prefix ".fragment.error", \ + FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_fragment_count, \ + { name_prefix " fragment count", abbrev_prefix ".fragment.count", \ + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_reassembled_in, \ + { "Reassembled in", abbrev_prefix ".reassembled.in", \ + FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_reassembled_length, \ + { "Reassembled length", abbrev_prefix ".reassembled.length", \ + FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_reassembled_data, \ + { "Reassembled data", abbrev_prefix ".reassembled.data", \ + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } \ + }, \ + { &hf_##var_prefix##_segment, \ + { name_prefix " segment", abbrev_prefix ".segment", \ + FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL} \ + } + +/** + * Macro to help to initialize protocol subtree (ett) items for reassembly. + * The statement: + * + * void proto_register_foo(void) { + * ... + * static gint* ett[] = { + * &ett_foo_abc, + * ... + * // Add ett items + * REASSEMBLE_INIT_ETT_ITEMS(foo_body), + * ... + * }; + * ... + * } + * + * will expand like: + * + * void proto_register_foo(void) { + * ... + * static gint* ett[] = { + * &ett_foo_abc, + * ... + * // Add ett items + * &ett_foo_body_fragment, + * &ett_foo_body_fragments, + * ... + * }; + * ... + * } + */ +#define REASSEMBLE_INIT_ETT_ITEMS(var_prefix) \ + &ett_##var_prefix##_fragment, \ + &ett_##var_prefix##_fragments + +/** a private structure for keeping streaming reassembly information */ +typedef struct streaming_reassembly_info_t streaming_reassembly_info_t; + +/** + * Allocate a streaming reassembly information in wmem_file_scope. + */ +WS_DLL_PUBLIC streaming_reassembly_info_t* +streaming_reassembly_info_new(void); + +/** + * This function provides a simple way to reassemble the streaming data of a higher level + * protocol that is not on top of TCP but on another protocol which might be on top of TCP. + * + * For example, suppose there are two streaming protocols ProtoA and ProtoB. ProtoA is a protocol on top + * of TCP. ProtoB is a protocol on top of ProtoA. + * + * ProtoA dissector should use tcp_dissect_pdus() or pinfo->can_desegment/desegment_offset/desegment_len + * to reassemble its own messages on top of TCP. After the PDUs of ProtoA are reassembled, ProtoA dissector + * can call reassemble_streaming_data_and_call_subdissector() to help ProtoB dissector to reassemble the + * PDUs of ProtoB. ProtoB needs to use fields pinfo->can_desegment/desegment_offset/desegment_len to tell + * its requirements about reassembly (to reassemble_streaming_data_and_call_subdissector()). + * + * ----- +-- Reassembled ProtoB PDU --+-- Reassembled ProtoB PDU --+-- Reassembled ProtoB PDU --+---------------- + * ProtoB: | ProtoB header and payload | ProtoB header and payload | ProtoB header and payload | ... + * +----------------------------+---------+------------------+--------+-------------------+--+------------- + * ----- ^ >>> Reassemble with reassemble_streaming_data_and_call_subdissector() and pinfo->desegment_len.. <<< ^ + * +----------------------------+---------+------------------+--------+-------------------+--+------------- + * | ProtoA payload1 | ProtoA payload2 | ProtoA payload3 | ... + * +--------------------------------------+---------------------------+----------------------+------------- + * ^ ^ ^ ^ + * | >>> Do de-chunk <<< |\ >>> Do de-chunk <<< \ \ >>> Do de-chunk <<< \ + * | | \ \ \ \ + * | | \ \ \ ... + * | | \ \ \ \ + * +-------- First Reassembled ProtoA PDU ---------+-- Second Reassembled ProtoA PDU ---+- Third Reassembled Prot... + * ProtoA: | Header | ProtoA payload1 | Header | ProtoA payload2 | Header | ProtoA payload3 . + * +--------+----------------------+---------------+--------+---------------------------+--------+-+---------------- + * ----- ^ >>> Reassemble with tcp_dissect_pdus() or pinfo->can_desegment/desegment_offset/desegment_len <<< ^ + * +--------+----------------------+---------------+--------+---------------------------+--------+-+---------------- + * TCP: | TCP segment | TCP segment | TCP segment | ... + * ----- +-------------------------------+-------------------------------+-------------------------------+---------------- + * + * The function reassemble_streaming_data_and_call_subdissector() uses fragment_add() and process_reassembled_data() + * to complete its reassembly task. + * + * The reassemble_streaming_data_and_call_subdissector() will handle many cases. The most complicated one is: + * + * +-------------------------------------- Payload of a ProtoA PDU -----------------------------------------------+ + * | EoMSP: end of a multisegment PDU | OmNFP: one or more non-fragment PDUs | BoMSP: begin of a multisegment PDU | + * +----------------------------------+--------------------------------------+------------------------------------+ + * Note, we use short name 'MSP' for 'Multisegment PDU', and 'NFP' for 'Non-fragment PDU'. + * + * In this case, the payload of a ProtoA PDU contains: + * - EoMSP (Part1): At the begin of the ProtoA payload, there is the last part of a multisegment PDU of ProtoB. + * - OmNFP (Part2): The middle part of ProtoA payload payload contains one or more non-fragment PDUs of ProtoB. + * - BoMSP (Part3): At the tail of the ProtoA payload, there is the begin of a new multisegment PDU of ProtoB. + * + * All of three parts are optional. For example, one ProtoA payload could contain only EoMSP, OmNFP or BoMSP; or contain + * EoMSP and OmNFP without BoMSP; or contain EoMSP and BoMSP without OmNFP; or contain OmNFP and BoMSP without + * EoMSP. + * + * +---- A ProtoB MSP ---+ +-- A ProtoB MSP --+-- A ProtoB MSP --+ +-- A ProtoB MSP --+ + * | | | | | | | + * +- A ProtoA payload -+ +-------+-------+-------+ +-------+-------+ +-------+-------+ +-------+ +-------+ +-------+ + * | OmNFP | BoMSP | | EoMSP | OmNFP | BoMSP | | EoMSP | BoMSP | | EoMSP | OmNFP | | BoMSP | | EoMSP | | OmNFP | + * +---------+----------+ +-------+-------+-------+ +-------+-------+ +-------+-------+ +-------+ +-------+ +-------+ + * | | | | | | | + * +---------------------+ +------------------+------------------+ +------------------+ + * + * And another case is the entire ProtoA payload is one of middle parts of a multisegment PDU. We call it: + * - MoMSP: The middle part of a multisegment PDU of ProtoB. + * + * Following case shows a multisegment PDU composed of [BoMSP + MoMSP + MoMSP + MoMSP + EoMSP]: + * + * +------------------ A Multisegment PDU of ProtoB ----------------------+ + * | | + * +--- ProtoA payload1 ---+ +- payload2 -+ +- Payload3 -+ +- Payload4 -+ +- ProtoA payload5 -+ + * | EoMSP | OmNFP | BoMSP | | MoMSP | | MoMSP | | MoMSP | | EoMSP | BoMSP | + * +-------+-------+-------+ +------------+ +------------+ +------------+ +---------+---------+ + * | | + * +----------------------------------------------------------------------+ + * + * The function reassemble_streaming_data_and_call_subdissector() will handle all of the above cases and manage + * the information used during the reassembly. The caller (ProtoA dissector) only needs to initialize the relevant + * variables and pass these variables and its own completed payload to this function. + * + * The subdissector (ProtoB dissector) needs to set the pinfo->desegment_len to cooperate with the function + * reassemble_streaming_data_and_call_subdissector() to complete the reassembly task. + * The pinfo->desegment_len should be DESEGMENT_ONE_MORE_SEGMENT or contain the estimated number of additional bytes required for completing + * the current PDU (MSP), and set pinfo->desegment_offset to the offset in the tvbuff at which the dissector will + * continue processing when next called. Next time the subdissector is called, it will be passed a tvbuff composed + * of the end of the data from the previous tvbuff together with desegment_len more bytes. If the dissector cannot + * tell how many more bytes it will need, it should set pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT or additional bytes required for parsing + * message head. It will then be called again as soon as more data becomes available. Subdissector MUST NOT set the + * pinfo->desegment_len to DESEGMENT_UNTIL_FIN, we don't support it yet. + * + * Note that if the subdissector sets pinfo->desegment_len to additional bytes required for parsing the header of + * the message rather than the entire message when the length of entire message is unable to be determined, it MUST + * return the length of the tvb handled by itself (for example, return 0 length if nothing is parsed in MoMSP), + * otherwise it may cause some unexpected dissecting errors. However, if you want to be compatible with TCP's reassembly + * method by setting the pinfo->desegment_len, you MUST set the pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT + * when the entire message length cannot be determined, and return a length other than 0 (such as tvb_captured_length(tvb)) + * when exiting the subdissector dissect function (such as dissect_proto_b()). + * + * Following is sample code of ProtoB which on top of ProtoA mentioned above: + * <code> + * // file packet-proto-b.c + * ... + * + * static int + * dissect_proto_b(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data) + * { + * while (offset < tvb_len) + * { + * if (tvb_len - offset < PROTO_B_MESSAGE_HEAD_LEN) { + * // need at least X bytes for getting a ProtoB message + * if (pinfo->can_desegment) { + * pinfo->desegment_offset = offset; + * // It is strongly recommended to set pinfo->desegment_len to DESEGMENT_ONE_MORE_SEGMENT + * // if the length of entire message is unknown. + * pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; + * return tvb_len; // MUST return a length other than 0 + * + * // Or set pinfo->desegment_len to how many additional bytes needed to parse head of + * // a ProtoB message. + * // pinfo->desegment_len = PROTO_B_MESSAGE_HEAD_LEN - (tvb_len - offset); + * // return offset; // But you MUST return the length handled by ProtoB + * } + * ... + * } + * ... + * // e.g. length is at offset 4 + * body_len = (guint)tvb_get_ntohl(tvb, offset + 4); + * + * if (tvb_len - offset - PROTO_B_MESSAGE_HEAD_LEN < body_len) { + * // need X bytes for dissecting a ProtoB message + * if (pinfo->can_desegment) { + * pinfo->desegment_offset = offset; + * // caculate how many additional bytes need to parsing body of a ProtoB message + * pinfo->desegment_len = body_len - (tvb_len - offset - PROTO_B_MESSAGE_HEAD_LEN); + * // MUST return a length other than 0, if DESEGMENT_ONE_MORE_SEGMENT is used previously. + * return tvb_len; + * + * // MUST return the length handled by ProtoB, + * // if 'pinfo->desegment_len = PROTO_B_MESSAGE_HEAD_LEN - (tvb_len - offset);' is used previously. + * // return offset; + * } + * ... + * } + * ... + * } + * return tvb_len; // all bytes of this tvb are parsed + * } + * </code> + * + * Following is sample code of ProtoA mentioned above: + * <code> + * // file packet-proto-a.c + * ... + * // reassembly table for streaming chunk mode + * static reassembly_table proto_a_streaming_reassembly_table; + * ... + * // heads for displaying reassembley information + * static int hf_msg_fragments = -1; + * static int hf_msg_fragment = -1; + * static int hf_msg_fragment_overlap = -1; + * static int hf_msg_fragment_overlap_conflicts = -1; + * static int hf_msg_fragment_multiple_tails = -1; + * static int hf_msg_fragment_too_long_fragment = -1; + * static int hf_msg_fragment_error = -1; + * static int hf_msg_fragment_count = -1; + * static int hf_msg_reassembled_in = -1; + * static int hf_msg_reassembled_length = -1; + * static int hf_msg_body_segment = -1; + * ... + * static gint ett_msg_fragment = -1; + * static gint ett_msg_fragments = -1; + * ... + * static const fragment_items msg_frag_items = { + * &ett_msg_fragment, + * &ett_msg_fragments, + * &hf_msg_fragments, + * &hf_msg_fragment, + * &hf_msg_fragment_overlap, + * &hf_msg_fragment_overlap_conflicts, + * &hf_msg_fragment_multiple_tails, + * &hf_msg_fragment_too_long_fragment, + * &hf_msg_fragment_error, + * &hf_msg_fragment_count, + * &hf_msg_reassembled_in, + * &hf_msg_reassembled_length, + * "ProtoA Message fragments" + * }; + * ... + * static int + * dissect_proto_a(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data) + * { + * ... + * streaming_reassembly_info_t* streaming_reassembly_info = NULL; + * ... + * proto_a_tree = proto_item_add_subtree(ti, ett_proto_a); + * ... + * if (!PINFO_FD_VISITED(pinfo)) { + * streaming_reassembly_info = streaming_reassembly_info_new(); + * // save streaming reassembly info in the stream conversation or something like that + * save_reassembly_info(pinfo, stream_id, flow_dir, streaming_reassembly_info); + * } else { + * streaming_reassembly_info = get_reassembly_info(pinfo, stream_id, flow_dir); + * } + * ... + * while (offset < tvb_len) + * { + * ... + * payload_len = xxx; + * ... + * if (dissecting_in_streaming_mode) { + * // reassemble and call subdissector + * reassemble_streaming_data_and_call_subdissector(tvb, pinfo, offset, + * payload_len, proto_a_tree, proto_tree_get_parent_tree(proto_a_tree), + * proto_a_streaming_reassembly_table, streaming_reassembly_info, + * get_virtual_frame_num64(tvb, pinfo, offset), subdissector_handle, + * proto_tree_get_parent_tree(tree), NULL, + * "ProtoA", &msg_frag_items, hf_msg_body_segment); + * ... + * } + * } + * + * ... + * void proto_register_proto_a(void) { + * ... + * static hf_register_info hf[] = { + * ... + * {&hf_msg_fragments, + * {"Reassembled ProtoA Message fragments", "protoa.msg.fragments", + * FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_fragment, + * {"Message fragment", "protoa.msg.fragment", + * FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_fragment_overlap, + * {"Message fragment overlap", "protoa.msg.fragment.overlap", + * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_fragment_overlap_conflicts, + * {"Message fragment overlapping with conflicting data", + * "protoa.msg.fragment.overlap.conflicts", + * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_fragment_multiple_tails, + * {"Message has multiple tail fragments", + * "protoa.msg.fragment.multiple_tails", + * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_fragment_too_long_fragment, + * {"Message fragment too long", "protoa.msg.fragment.too_long_fragment", + * FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_fragment_error, + * {"Message defragmentation error", "protoa.msg.fragment.error", + * FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_fragment_count, + * {"Message fragment count", "protoa.msg.fragment.count", + * FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_reassembled_in, + * {"Reassembled in", "protoa.msg.reassembled.in", + * FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_reassembled_length, + * {"Reassembled length", "protoa.msg.reassembled.length", + * FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, + * {&hf_msg_body_segment, + * {"ProtoA body segment", "protoa.msg.body.segment", + * FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL } }, + * } + * ... + * static gint *ett[] = { + * ... + * &ett_msg_fragment, + * &ett_msg_fragments + * } + * ... + * reassembly_table_register(&proto_a_streaming_reassembly_table, + * &addresses_ports_reassembly_table_functions); + * ... + * } + * </code> + * + * Alternatively, the code of ProtoA (packet-proto-a.c) can be made simpler with helper macros: + * <code> + * // file packet-proto-a.c + * ... + * // reassembly table for streaming chunk mode + * static reassembly_table proto_a_streaming_reassembly_table; + * // reassembly head field items definition + * REASSEMBLE_ITEMS_DEFINE(proto_a_body, "ProtoA Body"); + * ... + * static int + * dissect_proto_a(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data) + * { + * ... + * streaming_reassembly_info_t* streaming_reassembly_info = NULL; + * ... + * proto_a_tree = proto_item_add_subtree(ti, ett_proto_a); + * ... + * if (!PINFO_FD_VISITED(pinfo)) { + * streaming_reassembly_info = streaming_reassembly_info_new(); + * // save streaming reassembly info in the stream conversation or something like that + * save_reassembly_info(pinfo, stream_id, flow_dir, streaming_reassembly_info); + * } else { + * streaming_reassembly_info = get_reassembly_info(pinfo, stream_id, flow_dir); + * } + * ... + * while (offset < tvb_len) + * { + * ... + * payload_len = xxx; + * ... + * if (dissecting_in_streaming_mode) { + * // reassemble and call subdissector + * reassemble_streaming_data_and_call_subdissector(tvb, pinfo, offset, + * payload_len, proto_a_tree, proto_tree_get_parent_tree(proto_a_tree), + * proto_a_streaming_reassembly_table, streaming_reassembly_info, + * get_virtual_frame_num64(tvb, pinfo, offset), subdissector_handle, + * proto_tree_get_parent_tree(tree), NULL, "ProtoA Body", + * &proto_a_body_fragment_items, hf_proto_a_body_segment); + * ... + * } + * } + * + * ... + * void proto_register_proto_a(void) { + * ... + * static hf_register_info hf[] = { + * ... + * REASSEMBLE_INIT_HF_ITEMS(proto_a_body, "ProtoA Body", "protoa.body") + * } + * ... + * static gint *ett[] = { + * ... + * REASSEMBLE_INIT_ETT_ITEMS(proto_a_body) + * } + * ... + * reassembly_table_register(&proto_a_streaming_reassembly_table, + * &addresses_ports_reassembly_table_functions); + * ... + * } + * </code> + * + * @param tvb TVB contains (ProtoA) payload which will be passed to subdissector. + * @param pinfo Packet information. + * @param offset The beginning offset of payload in TVB. + * @param length The length of payload in TVB. + * @param segment_tree The tree for adding segment items. + * @param reassembled_tree The tree for adding reassembled information items. + * @param streaming_reassembly_table The reassembly table used for this kind of streaming reassembly. + * @param reassembly_info The structure for keeping streaming reassembly information. This should be initialized + * by streaming_reassembly_info_new(). Subdissector should keep it for each flow of per stream, + * like per direction flow of a STREAM of HTTP/2 or each request or response message flow of + * HTTP/1.1 chunked stream. + * @param cur_frame_num The uniq index of current payload and number must always be increasing from the previous frame + * number, so we can use "<" and ">" comparisons to determine before and after in time. You can use + * get_virtual_frame_num64() if the ProtoA does not has a suitable field representing payload frame num. + * @param subdissector_handle The subdissector the reassembly for. We will call subdissector for reassembly and dissecting. + * The subdissector should set pinfo->desegment_len to the length it needed if the payload is + * not enough for it to dissect. + * @param subdissector_tree The tree to be passed to subdissector. + * @param subdissector_data The data argument to be passed to subdissector. + * @param label The name of the data being reassembling. It can just be the name of protocol (ProtoA), for + * example, "[ProtoA segment of a reassembled PDU]". + * @param frag_hf_items The fragment field items for displaying fragment and reassembly information in tree. Please + * refer to process_reassembled_data(). + * @param hf_segment_data The field item to show something like "ProtoA segment data (123 bytes)". + * + * @return Handled data length. Just equal to the length argument now. + */ +WS_DLL_PUBLIC gint +reassemble_streaming_data_and_call_subdissector( + tvbuff_t* tvb, packet_info* pinfo, guint offset, gint length, + proto_tree* segment_tree, proto_tree* reassembled_tree, reassembly_table streaming_reassembly_table, + streaming_reassembly_info_t* reassembly_info, guint64 cur_frame_num, + dissector_handle_t subdissector_handle, proto_tree* subdissector_tree, void* subdissector_data, + const char* label, const fragment_items* frag_hf_items, int hf_segment_data +); + +/** + * Return a 64 bits virtual frame number that is identified as follows: + * + * +--- 32 bits ---+--------- 8 bits -------+----- 24 bits --------------+ + * | pinfo->num | pinfo->curr_layer_num | tvb->raw_offset + offset | + * +---------------------------------------------------------------------+ + * + * This allows for a single virtual frame to be uniquely identified across a capture with the + * added benefit that the number will always be increasing from the previous virtual frame so + * we can use "<" and ">" comparisons to determine before and after in time. + * + * This frame number similar to HTTP2 frame number. + */ +static inline guint64 +get_virtual_frame_num64(tvbuff_t* tvb, packet_info* pinfo, gint offset) +{ + return (((guint64)pinfo->num) << 32) + (((guint64)pinfo->curr_layer_num) << 24) + + ((guint64)tvb_raw_offset(tvb) + offset); +} + +/** + * How many additional bytes are still expected to complete this reassembly? + * + * @return How many additional bytes are expected to complete this reassembly. + * It may also be DESEGMENT_ONE_MORE_SEGMENT. + * 0 means this reassembly is completed. + */ +WS_DLL_PUBLIC gint +additional_bytes_expected_to_complete_reassembly(streaming_reassembly_info_t* reassembly_info); + +/* ========================================================================= */ + +#endif |