How to read fragmented IP packets in LUA script to display complete user defined protocol fields?

Question

I have a LUA script which will display user defined protocol fields on Wireshark, when the protocol filter is enabled and packet is not fragmented.

When the packet is fragmented My user defined dissector would fail as the next segment is not processed.

How to achieve this? Say when I highlight first packet all the fragmented packets must be assembled and displayed? When ever the fragmented packet is highlighted, a notice saying check the first packet for full values?

How to achieve this, this is the task given to me in new company, please help.

Answer 1

You have to assemble the different packets yourself. I created the following code in my dissector to assemble fragmented packages:

function my_proto.dissector(buffer,pinfo,tree)
    local subtree = tree:add(my_proto, buffer(),"My Packet")
    repeat
       if buffer:len() - len >= 6 then
           len = len + 4 * packet_size
           if len > buffer:len() then
               pinfo.desegment_len = len - buffer:len()
               return
           end
       else
           pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
           return
       end
    until len >= buffer:len()
    ---
    --- From here the normal protocol code
    subtree:add( .... )
     ...
end

Answer 2

How to achieve this?

Turn on the "Reassemble fragmented IPv4 datagrams" preference for IPv4, or the "Reassemble fragmented IPv6 datagrams" for IPv6, so that Wireshark will reassemble fragmented IP packets for you.