Ethereal-dev: [Ethereal-dev] Packet reassemble problems

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Martin Warnes <martin@xxxxxxxxxxxxxxxxx>
Date: Wed, 15 Feb 2006 18:24:30 +0000
Hi list,

I'm having some difficulties with reassembly for a protocol that runs
atop TCP and despite having read the developer notes on the topic and
looked at some of the other dissectors that use reassembly I still can't
fathom out what the problem is.

The protocol in question can span multiple packets, the first packet in
the sequence contains a header with the total number of bytes. The
second and subsequent packets in the sequence contain no header
information so the only method available to combine the packets is the
byte count from the first header.

What I've done in my code is identify whether the packet is fragmented
and if it is a header or continuation packet, and this seems to work.
The problem comes when I try and combine the second packet to the first
header packet, no matter what I've tried the packets are identified as
separate packet fragments in the display with the column info
description "(Packet Fragment" against both (i.e. no reassembly).

Below is the section of code that I'm using; if anyone can spot
anything obvious I'd really appreciate it.

Cheers .. Martin


    next_tvb = tvb_new_subset(tvb, offset, -1, -1);

    is_fragment = FALSE;
    gboolean fragment_hdr = TRUE;
    save_fragmented = pinfo->fragmented;

    /* If the total number of bytes reported by the header(s) is greater than the reported length */
    /* then this is the first part of a series of fragmented packets.                             */
    if (tcp2tot > tvb_reported_length (tvb)) {
      is_fragment = TRUE;
    }
    /* If the number of headers in the packet is zero then this is the second or a subsequent */
    /* packet fragment and needs to be reassembled                                            */
    if (tcp2count == 0) {
      is_fragment = TRUE;
      fragment_hdr = FALSE;
    }

    /* Start packet reassembly  */
    if (is_fragment) {
      tvbuff_t* new_tvb = NULL;
      fragment_data *frag_msg = NULL;
      guint16 msg_seqid = 1;
      pinfo->fragmented = TRUE;

      /* Add packet fragment */
      frag_msg = fragment_add_seq_next(tvb, offset, pinfo,
                    msg_seqid, /* ID for fragments belonging together */
                    msg_fragment_table, /* list of message fragments */
                    msg_reassembled_table, /* list of reassembled messages */
                    tvb_length_remaining(tvb, offset), /* fragment length - to the end */
                    TRUE); /* More fragments? */

      /* The header, or first packet in a fragmented sequence, contains the total number of bytes */
      /* expected in the fragmented packets                                                       */
      if (fragment_hdr) {
        fragment_set_tot_len(pinfo, msg_seqid, msg_fragment_table, tcp2tot);
      }
      proto_tree_add_text(cdirect_tree, tvb, offset, -1, "Fragmented Packet");
      new_tvb = process_reassembled_data(tvb, offset, pinfo,
                     "Reassembled Packet", frag_msg, &msg_frag_items,
                     NULL, tree);

      if (frag_msg) { /* Reassembled */
        if (check_col(pinfo->cinfo, COL_INFO))
          col_append_str(pinfo->cinfo, COL_INFO,
                 " (Packet Reassembled)");
      } else { /* Not last packet of reassembled Short Message */
        if (check_col(pinfo->cinfo, COL_INFO))
          col_append_fstr(pinfo->cinfo, COL_INFO,
                  " (Packet Fragment");
      }

      if (new_tvb) { /* take it all */
        next_tvb = new_tvb;
      } else { /* make a new subset */
        next_tvb = tvb_new_subset(tvb, offset, -1, -1);
      }
      pinfo->fragmented = save_fragmented;

    }

    /* Continue dissection */

    /*
     ***************************************************************************
     * Start building the GUI display
     *
     ***************************************************************************
     */
    if (tree)
      {

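The framing described in this message (a byte total in the first segment, header-less continuations after it), as an added example that is not part of the original post and does not use Ethereal's reassembly API: a stand-alone C model of length-driven reassembly that bounds the on-wire total before trusting it. The names `reasm_t`, `reasm_feed` and `MAX_PDU` are hypothetical, and it assumes the declared total counts every byte of the PDU, including the header segment's own bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PDU 65536u  /* assumed upper bound on the header's declared total */

/* Per-conversation state (hypothetical; one per TCP stream direction). */
typedef struct {
    uint8_t buf[MAX_PDU];
    size_t  total;  /* byte count declared by the header segment; 0 = idle */
    size_t  have;   /* bytes collected so far */
} reasm_t;

typedef enum { R_NEED_MORE, R_COMPLETE, R_ERROR } reasm_status;

/* Feed one TCP segment. Continuation segments pass has_header = 0.
 * *used reports how many bytes of seg belonged to this PDU, so any
 * trailing bytes (the start of the next PDU) can be parsed separately. */
reasm_status reasm_feed(reasm_t *r, int has_header, size_t declared_total,
                        const uint8_t *seg, size_t len, size_t *used)
{
    *used = 0;
    if (has_header) {
        /* Never trust the on-wire length: bound it before using it. */
        if (declared_total == 0 || declared_total > MAX_PDU) {
            r->total = r->have = 0;
            return R_ERROR;
        }
        r->total = declared_total;  /* a new header restarts the PDU */
        r->have = 0;
    } else if (r->total == 0) {
        return R_ERROR;             /* continuation with no header seen */
    }
    size_t want = r->total - r->have;
    size_t take = len < want ? len : want;  /* never copy past the total */
    if (take) memcpy(r->buf + r->have, seg, take);
    r->have += take;
    *used = take;
    if (r->have < r->total)
        return R_NEED_MORE;
    r->total = 0;  /* complete: buf[0..have) holds the PDU; go idle */
    return R_COMPLETE;
}
```

The state persists across segments of one conversation, so the header's total is still available when the header-less continuation arrives.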