Wireshark-dev: Re: [Wireshark-dev] Reassembling: pinfo and 2 functions
From: <gogrady@xxxxxxxxx>
Date: Tue, 28 Apr 2009 15:38:07 +0000
Hi,

>If I remember correctly from previous post bnp runs on top of TCP. I would write a BNP dissector that does TCP reassembly (I think that was one of your problems) your BNP dissector would then be fed BNP messages.

Yes BNP is TCP. I figured out how to do TCP Reassembly, so I am getting whole packets before it goes into my code.

>Is the next layer a new protocol that can be segmented if so write a dissector for that one and let that do reassembly, How to do it depends a bit on the protocol, if it contains sequence numbers for instance.

I have a function that can dissect whole messages (which are message and all information elements), the 3 bnp bytes are for telling what type it is and then how much data is after it. If the bnp is type 3, then it means I have to reassemble the data sections from packets 3,4,5 before sending it to be dissected. If by sequence numbers you mean the first bnp byte which declares start of multi-part, middle of multi part and end of multi part then yes.

>Packet-sccp.c does reassembly and can perhaps be used as a reference.

I'll take a closer look at this right now

Greg

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of gogrady@xxxxxxxxx
Sent: 28 April 2009 16:56
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Reassembling: pinfo and 2 functions

Hello people,

I am trying to reassemble my messages and am having a lot of trouble understanding how it works. I don't quite understand the process that it goes through and when to call functions / set variables.

From looking at other dissectors it looks like these are the things to change:

    gboolean fragmented;
    guint16 can_desegment;
    int desegment_offset;
    guint32 desegment_len;
    a fragment_data object
    fragment_add_check()
    process_reassembled_data()

but I'm having trouble understanding what each of these really does or how to manipulate them to say that a certain part of the buffer is part of a message and how to add to it and then display it. Any help explaining these more would be a great help. I've read reassemble.h and looked at the source, but I'm not sure how to use them in actual code. I've also looked at packet-scsi.c and still don't understand how to implement these with my dissector.

I'm trying to reassemble a multi-part message which goes like this:

    bnp header [3](3 bytes) + message and information elements
    bnp header [4](3 bytes) + information elements
    bnp header [4](3 bytes) + information elements
    bnp header [5](3 bytes) + information elements

bnp header:

    byte 1 - type [types: 2 whole data, 3 multi part start, 4 middle, 5 end of multi part]
    byte 2,3 - number of bytes after bnp header.

So I would like to take just the data sections for reassembly:

    message and information elements + information elements + information elements + information elements

and then have that sent to be dissected as a whole packet.

Thank you in advance to whoever can help,

Greg

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
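The BNP framing described in this message (type byte 2/3/4/5 plus a two-byte length, data sections joined with headers stripped) can be modelled as a small state machine; the following is an added example, not code from this thread or from Wireshark, and it does not use Wireshark's reassembly API. It rejects frames whose length field runs past the captured bytes, out-of-order types, and messages that would outgrow the buffer, which are the checks a dissector for untrusted traffic needs. Assumptions: the length is big-endian, one frame is passed per call, the 4096-byte cap is arbitrary, and all names (`bnp_reasm_t`, `bnp_add_frame`, the sample frames) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BNP_HDR_LEN 3
#define BNP_MAX_MSG 4096 /* assumed cap on one reassembled message */
enum { BNP_WHOLE = 2, BNP_START = 3, BNP_MIDDLE = 4, BNP_END = 5 };

typedef struct {
    uint8_t buf[BNP_MAX_MSG]; /* data sections joined, BNP headers stripped */
    size_t  len;
    int     open;             /* 1 after a type-3 frame until its type-5 frame */
} bnp_reasm_t;

/* Drop any partial message so a bad frame cannot poison the next one. */
static int bnp_fail(bnp_reasm_t *r) { r->len = 0; r->open = 0; return -1; }

/* Add one BNP frame (header + data). Returns 1 when r->buf[0..r->len) holds a
 * complete message, 0 when more frames are needed, -1 on malformed input. */
int bnp_add_frame(bnp_reasm_t *r, const uint8_t *f, size_t n)
{
    if (n < BNP_HDR_LEN) return bnp_fail(r);     /* truncated header */
    uint8_t type = f[0];
    size_t plen = ((size_t)f[1] << 8) | f[2];    /* assumed big-endian */
    int starts = (type == BNP_WHOLE || type == BNP_START);
    int continues = (type == BNP_MIDDLE || type == BNP_END);
    if (plen > n - BNP_HDR_LEN) return bnp_fail(r); /* length runs past frame */
    if (!starts && !continues) return bnp_fail(r);  /* unknown type */
    if ((starts && r->open) || (continues && !r->open))
        return bnp_fail(r);                      /* frame out of order */
    if (starts) r->len = 0;
    if (plen > BNP_MAX_MSG - r->len) return bnp_fail(r); /* would overflow buf */
    memcpy(r->buf + r->len, f + BNP_HDR_LEN, plen);
    r->len += plen;
    r->open = (type == BNP_START || type == BNP_MIDDLE);
    return r->open ? 0 : 1;
}

/* Constructed sample frames: types 3, 4, 5 carrying "MSG+", "IE1+", "IE2". */
static const uint8_t F_START[] = { 3, 0, 4, 'M', 'S', 'G', '+' };
static const uint8_t F_MID[]   = { 4, 0, 4, 'I', 'E', '1', '+' };
static const uint8_t F_END[]   = { 5, 0, 3, 'I', 'E', '2' };

int main(void)
{
    static bnp_reasm_t r;
    bnp_add_frame(&r, F_START, sizeof F_START);
    bnp_add_frame(&r, F_MID, sizeof F_MID);
    return bnp_add_frame(&r, F_END, sizeof F_END) == 1 ? 0 : 1;
}
```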