Wireshark-dev: Re: [Wireshark-dev] Get fragments from reassembly table
From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Thu, 22 Mar 2018 18:00:57 +0100
On Thu, Mar 22, 2018 at 04:07:05PM +0100, Anton Glukhov wrote:
> I have dissector which works with fragments and reassembling by using
> fragment_add_check() and process_reassembled_data() functions. Now I got
> one problem. Each new fragment must be validated thought CRC32 calculation,
> but not for itself but for all previous fragments together. Here is an
> example: imagine that we received 3 fragments and now they are already in
> fragment_table. Next 4th fragment is coming and we need to verify it. In
> order to verify it we have to take all previous fragments(all 3 previous)
> out, concatenate them, calculate crc32 for all _four_ fragments together
> and put 4th fragment into fragment_table by using function
> fragment_add_check(). So, it looks like we do "temporary" reassemble for
> each new packet with all previous packet. Could you help me with ideas how
> to design it better?

Can you somehow identify the individual fragments outside the reassembly
table? If so, what about storing the CRC32 value of the last fragment
(for example, in a hash table or linked list), then look that up and use
it as seed for the CRC32 calculation with your new fragment?
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl