NAME
Net::Pcap::Reassemble - IP fragment reassembly for Net::Pcap
SYNOPSIS
use Net::Pcap::Reassemble;
my $pcap_t = Net::Pcap::open_offline($opt_p, \$err);
if (!defined($pcap_t)) {
print STDERR "Net::Pcap::open_offline returned error: $err\n";
exit 1;
}
Net::Pcap::Reassemble::loop($pcap_t, -1, \&callback, "user data");
DESCRIPTION
This module is a wrapper for the loop() function of the Net::Pcap module. It performs IP fragment reassembly for fragmented datagrams in the libpcap dump data. It supports reassembly of IPv4 and IPv6 fragments.
FUNCTIONS
- loop($pcap, $count, \&callback, $user_data)
-
The
loop()
function in Net::Pcap::Reassemble is intended as a seamless wrapper around the same function from Net::Pcap and as such it takes the same arguments as it. Net::Pcap::Reassemble, however, will only invoke the&callback
function when it has a complete packet.The module will print debug information (mainly packet header values) if the
$debug
variable in the package namespace evaluates to true:$Net::Pcap::Reassemble::debug = 1;
OBJECTS
Fragment data is represented internally using Net::Pcap::Reassemble::Packet
and Net::Pcap::Reassemble::Fragment
objects.
- Net::Pcap::Reassemble::Packet
-
Each `Packet' object contains:
An ID: 'srcip dstip IPid protocol' for IPv4; 'srcip dstip IPid' for IPv6
A list of
Net::Pcap::Reassemble::Fragment
object referencesThe final octet, learned from the packet with MF==0
- Net::Pcap::Reassemble::Fragment
-
Each `Fragment' object contains:
Start octet
End octet
(M)ore (F)ragments flag (`MF' in IPv4; `M' in IPv6)
Payload data
SEE ALSO
BUGS
Stale fragments are not aged out of the pending fragment list.
This module offers no resistance against fragment overlap attacks, and other such malarky.
AUTHOR
James Raftery <james@now.ie>.