Wireshark-dev: Re: [Wireshark-dev] Reassemble serial protocols payloads

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 12 Jul 2020 02:14:23 -0700
On Jul 5, 2020, at 8:05 AM, Tomasz Moń <desowin@xxxxxxxxx> wrote:

> I am trying to implement reassembly for FTDI MPSSE protocol. The
> desegment API sounds like an excellent choice, because there can be
> more serial protocols implemented in the future that share similar
> characteristics to MPSSE (i.e. are designed around asynchronous
> character transmission).
> 
> Each time FTDI FT passes the payload to MPSSE dissector, MPSSE can:
>  * dissect the data just fine if it received (one or more) complete
> function code with parameters,
>  * dissect as much as it can (complete function code with parameters)
> and request X additional bytes
> 
> The value X in some cases is known from the beginning, but in some
> cases it is only an estimate. It is only an estimate if the missing
> data includes the variable data length parameter (i.e. MPSSE dissector
> knows that it is a data shifting command, but does not know how many
> bytes the command will send out, because the length is in the next
> frame).

So, for fragmentation/segmentation and reassembly, one distinction between types is between these two types:

	fragmentation/segmentation and reassembly where the lower-layer protocol offers a "send a PDU" service to the higher-layer protocol, and takes full responsibility for fragmentation/segmentation and reassembly, so that the higher-layer protocol can arrange to be completely unaware of whether it's taking place;

	fragmentation/segmentation and reassembly where the lower-layer protocol offers a service in which the SDU provided to the protocol turns into a PDU for that lower-layer protocol, requiring the upper-layer protocol to do fragmentation/segmentation and reassembly itself.

For the former type, the dissector for the lower-layer protocol can do reassembly entirely by itself.

For the latter type, the lower-layer protocol can offer some services to the higher-layer protocol to *help* it do the reassembly, but the higher-layer protocol has to do some of the work.

IP fragmentation/reassembly is an example of the first type.

Reassembly over TCP and TLS is an example of the second type.

What you're talking about *also* sounds like an example of the second type.

So you might want to look at the way TCP does it, and the helper routines it provides, such as tcp_dissect_pdus(), and that other parts of the code provide, such as req_resp_hdrs_do_reassembly().