On 09/25/15 07:32, João Valverde wrote:
> Hi,
>
> What's the use case for save_fragmented? The documentation doesn't
> explain why it's there:
>
> https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html
>
> The context leads me to think that save_fragmented is only relevant in
> this case because the example deals with a custom fragmentation protocol
> over UDP...
>
> Maybe for IP-in-IP it would be significant too but could someone please
> clarify for me the intended usage?
>
> Does something else happen using pinfo->fragmented after the IPv4/IPv6
> dissector returns?

pinfo->fragmented is useful for exception processing: it should be set
to TRUE when a subdissector is called on a fragment of a message so
that, when that subdissector runs off the end of the (short) PDU
(generating an exception), Wireshark will tell the user it's an
"unreassembled packet" rather than a "malformed packet."
It should be set back to the saved value so that if there's another PDU
in the frame (which might not be fragmented--yes, that would be weird in
some protocols but it might be normal in others) then Wireshark will do
the right thing if that PDU's subdissector (also) runs off the end of
the TVB. That is, if the 2nd (non-fragmented) PDU's subdissector runs
off the end of the TVB Wireshark will correctly report "malformed packet."
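
The save/restore behaviour described in the reply above, as an added stand-alone model that is not part of the original e-mail and is not Wireshark code: `pinfo_t`, `report_t`, `pdu_t`, `call_subdissector` and `dissect_frame` are hypothetical stand-ins, and the frames are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins for packet_info and the exception report; not epan code. */
typedef struct { bool fragmented; } pinfo_t;
typedef enum { DISSECT_OK, REPORT_UNREASSEMBLED, REPORT_MALFORMED } report_t;
typedef struct { bool is_fragment; size_t have, need; } pdu_t;

/* A subdissector that needs `need` bytes. Running off the end of the buffer
 * is the "exception", and pinfo->fragmented decides how it is reported. */
static report_t call_subdissector(const pinfo_t *pinfo, size_t have, size_t need)
{
    if (have >= need)
        return DISSECT_OK;
    return pinfo->fragmented ? REPORT_UNREASSEMBLED : REPORT_MALFORMED;
}

/* Walks every PDU in one frame. `restore` selects whether the saved flag is
 * put back after each subdissector call (the save_fragmented pattern). */
report_t dissect_frame(const pdu_t *pdus, size_t n, bool restore)
{
    pinfo_t pinfo = { false };
    for (size_t i = 0; i < n; i++) {
        bool save_fragmented = pinfo.fragmented;
        if (pdus[i].is_fragment)
            pinfo.fragmented = true;
        report_t r = call_subdissector(&pinfo, pdus[i].have, pdus[i].need);
        if (r != DISSECT_OK)
            return r;               /* models the exception ending dissection */
        if (restore)
            pinfo.fragmented = save_fragmented;
    }
    return DISSECT_OK;
}

/* Constructed frames (sizes are arbitrary sample values). */
const pdu_t lone_fragment[] = { { true, 8, 64 } };
const pdu_t fragment_then_truncated[] = { { true, 16, 16 }, { false, 10, 20 } };

int main(void)
{
    static const char *names[] = { "ok", "unreassembled packet", "malformed packet" };
    printf("lone fragment:          %s\n", names[dissect_frame(lone_fragment, 1, true)]);
    printf("2nd PDU, flag restored: %s\n", names[dissect_frame(fragment_then_truncated, 2, true)]);
    printf("2nd PDU, flag leaked:   %s\n", names[dissect_frame(fragment_then_truncated, 2, false)]);
    return 0;
}
```

With the flag left set, a truncated non-fragmented second PDU is reported as "unreassembled packet", so a genuinely malformed PDU is mislabelled for anyone triaging the capture.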