Ethereal-dev: Re: [Ethereal-dev] How to access value of hdr.frag_len from subdissector?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jaime Fournier <jafour1@xxxxxxxxx>
Date: Sun, 16 Jun 2002 14:52:23 -0700 (PDT)
I am on the list, so you don't have to cc me.
Let me look through my archives.
I have plenty of traces for connectionless, just to
make sure it is sanitized.



--- Guy Harris <gharris@xxxxxxxxx> wrote:
> On Mon, Jun 17, 2002 at 07:33:11AM +1000, Ronnie Sahlberg wrote:
> > The DCE RPC dissector already supports fragment reassembly for connection
> > oriented DCERPC.
> 
> Unfortunately, he indicated in mail to me that he's running over UDP, so
> it's connectionless DCE RPC.
> 
> I have a change to make the connectionless DCE RPC dissector at least
> not hand the middle and last fragments of fragmented PDUs to the
> subdissectors; I'll check it in sometime today.  (I don't guarantee
> that it won't break anything, as I don't know whether I have any
> captures with connectionless DCE RPC.  If somebody has captures with
> connectionless DCE RPC - especially if there are fragmented PDUs - that
> they could send me so I can test the change with those PDUs, that'd be
> helpful.)
> 
> > Just do some cut-n-paste in packet-dcerpc.c if you need reassembly for
> > connection-less DCERPC as well.
> 
> Unfortunately, it's cut-n-paste-n-edit, as connectionless DCE RPC
> fragments may arrive out of order, so there's an additional complication
> for connectionless reassembly; the connectionless header has a "this is
> a fragment" flag, a "this is the last fragment" flag, and a fragment
> ordinal number.  (It's probably not *much* complication, as the
> "fragment_add_seq_check()" stuff could be used, but it's not just
> cut-n-paste.)
> 
> I'll look at doing the reassembly, but without fragmented connectionless
> traffic, I'd have to write the code and hope it works, rather than test
> it.  (I'll see if I have any captures with such traffic, but I suspect I
> don't.)
> 


=====
Jaime Fournier
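
The out-of-order reassembly problem described in the quoted reply, as an added example that is not part of this thread or of Ethereal's code: a standalone reassembler keyed on the fragment ordinal and the "last fragment" flag, which tolerates reordering and duplicates and rejects inconsistent or oversized fragments. It does not use `fragment_add_seq_check()`; the names `cl_reasm`, `cl_reasm_add`, `cl_reasm_copy` and the two size caps are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define MAX_FRAGS    16   /* assumed cap on fragments per PDU */
#define MAX_FRAG_LEN 64   /* assumed cap on one fragment body */
/* Hypothetical per-PDU state; not Ethereal's own structures. */
struct cl_reasm {
    unsigned char data[MAX_FRAGS][MAX_FRAG_LEN];
    size_t len[MAX_FRAGS];
    unsigned char seen[MAX_FRAGS];
    int last_num;   /* ordinal of the fragment flagged "last", -1 until seen */
    int count;      /* distinct fragments stored so far */
};

void cl_reasm_init(struct cl_reasm *r) { memset(r, 0, sizeof *r); r->last_num = -1; }

/* Returns 1 when the PDU is complete, 0 when fragments are missing, -1 on reject. */
int cl_reasm_add(struct cl_reasm *r, unsigned num, int is_last,
                 const unsigned char *body, size_t n)
{
    if (num >= MAX_FRAGS || n > MAX_FRAG_LEN) return -1;
    if (r->last_num >= 0 && (int)num > r->last_num) return -1;  /* past the end */
    if (is_last) {
        if (r->last_num >= 0 && r->last_num != (int)num) return -1; /* two "last" */
        for (unsigned i = num + 1; i < MAX_FRAGS; i++)
            if (r->seen[i]) return -1;       /* data already stored beyond it */
        r->last_num = (int)num;
    }
    if (!r->seen[num]) {                     /* duplicates keep the first copy */
        memcpy(r->data[num], body, n);
        r->len[num] = n;
        r->seen[num] = 1;
        r->count++;
    }
    return r->last_num >= 0 && r->count == r->last_num + 1;
}

/* Concatenate in ordinal order; returns bytes written, 0 if incomplete or out too small. */
size_t cl_reasm_copy(const struct cl_reasm *r, unsigned char *out, size_t cap)
{
    size_t off = 0;
    if (r->last_num < 0 || r->count != r->last_num + 1) return 0;
    for (int i = 0; i <= r->last_num; i++) {
        if (r->len[i] > cap - off) return 0;
        memcpy(out + off, r->data[i], r->len[i]);
        off += r->len[i];
    }
    return off;
}
```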
