On Dec 22, 2010, at 12:58 AM, Kaul wrote:

> Can I use something like tcp_dissect_pdus() for UDP packets? Specifically, 
> Kerberos over UDP - I think we can get the PDU length from the packet and get 
> a complete PDU.

tcp_dissect_pdus() handles the particular case of protocols running atop a 
byte-stream protocol, where the lower-level protocol has no packet boundaries, 
and the upper-level protocol has to impose packet boundaries atop that.  
Reassembly of higher-level packets requires the higher-level protocol to 
indicate when packets begin and end, and requires the lower-level protocol to 
reassemble parts of segments as dictated by the higher-level protocol.  
tcp_dissect_pdus() is for use by the higher-level protocol to do its part of 
the job in cases where, for example, each higher-level packet begins with a 
packet-length field.  (I think we 

UDP is a packet-based, not byte-stream-based, protocol, as is IP.  If the 
fragmentation in question is IP fragmentation, reassembly is done by the IP 
dissector; it needs no help from upper-layer protocols to do that.  If the 
fragmentation in question is done at the layer of the protocol running atop 
UDP, so that a higher-level packet is reassembled from multiple independent UDP 
datagrams, rather than the higher-level packet being a single UDP packet 
reassembled from multiple IP fragments, then that protocol needs not only to 
provide a length, it also needs to provide sequence numbers, as UDP provides no 
guarantees of delivery, much less guarantees of in-order delivery.

So:

        as Sake noted, if the fragmentation is done at the Kerberos layer,
        Kerberos must put more than a PDU length into the packet to make it
        work, e.g. it must include a sequence number;

        as Ronnie noted, if the fragmentation is done at the IP layer, the
        work is already being done for you - you just need to enable
        reassembly of fragmented IP datagrams in the IPv4 and IPv6 dissector
        preferences, if it's not already enabled.

I suspect it's done at the IP layer.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
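
The distinction drawn in the message above, as an added example that is not part of the original e-mail and is not Wireshark code: a length field alone is enough to cut PDUs out of a byte stream, but a message split across independent datagrams also needs sequence numbers. The 4-byte length prefix and the (seq, total, payload) fragment header are assumptions for illustration, and the payloads are constructed sample data.

```python
import struct

def frame(pdu: bytes) -> bytes:
    """Prefix a PDU with a 4-byte big-endian length (assumed framing)."""
    return struct.pack("!I", len(pdu)) + pdu

class StreamReassembler:
    """Byte-stream case: segment boundaries carry no meaning, so buffer
    bytes and cut PDUs using the length field alone."""
    def __init__(self):
        self.buf = b""

    def feed(self, segment: bytes) -> list:
        self.buf += segment
        pdus = []
        while len(self.buf) >= 4:
            (length,) = struct.unpack("!I", self.buf[:4])
            if len(self.buf) < 4 + length:
                break                      # PDU incomplete: wait for more bytes
            pdus.append(self.buf[4:4 + length])
            self.buf = self.buf[4 + length:]
        return pdus

def reassemble_datagrams(datagrams):
    """Datagram case: each fragment is (seq, total, payload), a hypothetical
    header. Returns the message, or None if any fragment is missing."""
    total = datagrams[0][1] if datagrams else 0
    parts = {seq: payload for seq, tot, payload in datagrams}  # drops repeats
    if total == 0 or set(parts) != set(range(total)):
        return None                        # UDP may lose fragments
    return b"".join(parts[i] for i in range(total))

def demo():
    # Constructed sample data, not real Kerberos messages.
    a, b = b"AS-REQ-sample", b"TGS-REQ-sample-longer"
    stream = frame(a) + frame(b)
    # Deliver the stream in arbitrary 5-byte segments.
    r, out = StreamReassembler(), []
    for i in range(0, len(stream), 5):
        out += r.feed(stream[i:i + 5])
    # Split `b` across three datagrams; deliver reordered, with a duplicate.
    frags = [(i, 3, b[i * 7:(i + 1) * 7]) for i in range(3)]
    arrived = [frags[2], frags[0], frags[2], frags[1]]
    naive = b"".join(p for _, _, p in arrived)[:len(b)]   # length only
    return out, reassemble_datagrams(arrived), naive, reassemble_datagrams(arrived[:3])

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is what a length-only approach yields from the reordered datagrams: the right number of bytes, in the wrong order.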
