Although i was able to reassemble and dissect 3 packets sent sequential, by using the tcp_dissect_pdus method ,
once a message is greater then 1500 bytes and is being divided into fragments (not by me) , the tcp_dissect_pdus method , doesn't help anymore , and my dissector is never called .
Whats the difference ?
should i do something different if the message is disassembled not by me .
thanks
>but i noticed that the TCP checksum test fails
That may be an issue. Try disabling TCP checksum validation in the preferences for TCP.
By default, TCP reassembly will ignore all packets with a checksum failure or "short" packets. (i.e. packets captures with a snaplen smaller than the ethernet mtu)
On Mon, Feb 23, 2009 at 9:57 PM, יוני תובל
<yoni6666@xxxxxxxxx> wrote:
hi , thanks .
it seems to be working , but only when i raise the flag "pinfo->can_desegment=1 " inside the get_len method .
but i noticed that the TCP checksum test fails in all the reassembled packets .
why is that ?
actually it also fails when i send the whole message in one buffer ...
so its probably a different issue . . .
thanks
On Feb 23, 2009, at 12:59 AM, יוני תובל wrote:
> i tried to return the entire message length . still fails .
> (it only succeeds when the tvb consists of the entire message )
> What about he offest value we pass to the get_len method .
It's the offset into the tvbuff handed to the get_len routine of the
first byte of the packet whose length should be returned.
Presumably the PDUs consist of a 2-byte length field (in network byte
order?) followed by that number of bytes of data, and, in the get_len
routine, you fetch the length value from the packet, add 2 to it, and
return that value.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe