Wireshark-dev: Re: [Wireshark-dev] Reassembling captured frame with 2 splitted packets

From: Hans Glück <hanschris.glueck@xxxxxxxx>
Date: Tue, 21 Apr 2009 04:36:46 -0700 (PDT)
Yippee! I´ve got it!
I´ve copied & saved the packet info pinfo and reset the values after the first reassembling.

for (i = 0; i < num_of_packets_in_frame; i++){
   ...
   memcpy(&pinfo_tmp, pinfo,sizeof(*pinfo));
   ...
   frag_msg = fragment_add_seq_check(...);
   new_tvb = process_reassembled_data(...);
   ...
   pinfo = &pinfo_tmp;
}


Regards,
Chris



----- Ursprüngliche Mail ----
Von: Hans Glück <hanschris.glueck@xxxxxxxx>
An: wireshark-dev@xxxxxxxxxxxxx
Gesendet: Dienstag, den 21. April 2009, 12:05:51 Uhr
Betreff: [Wireshark-dev] Reassembling captured frame with 2 splitted packets



Hi,

I´m writing a dissector and want to reasemble splitted packets. Some of my captured packets have splitted packets inside - the end of packet x and the start of packet x+1.
But my dissector doesn´t handle such packets correctly. I made a loop to dissect/reassemble the two parts of the packet, but only one of these packets will be reassembled, the other one will be ignored.
But I do not know why! Are there some flags I have to (re-)set, e.g. pinfo->fd->flags.visited? Cause "reassemble.c" uses it...

Regards,
Chris



      

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe