Wireshark-dev: Re: [Wireshark-dev] Question regarding the reassembled_key

From: "Liu Chunfang-CCL083" <ChunfangLiu@xxxxxxxxxxxx>
Date: Thu, 20 May 2010 18:13:53 -0400
If  I redefine the reassembled_key structure and rewrite those functions you mentioned below, I also need to rewrite a lot of functions defined in the reassemble.c. Because currently I just write plugin dissectors and only give the plugin dissectors to our user,  I do not want to modify the reassemble.c file and create a private version wireshark for our user.
 
I'd like to redefine the reassembled_key as following:
 
typedef struct _reassembled_key {
 guint32 id;
 guint32 frame;
 guint32 frag_number;
} reassembled_key;
Can this be added to wish list?
 
Thanks,
Chunfang
 

From: "Mike Morrin" <Mike.Morrin () ipaccess com>
Date: Sun, 9 May 2010 08:27:27 +0100
[mm] You probably need to define a new key structure that allows the
fragments to be uniquely keyed.

You will need to write new xxx_key_copy(), xxx_equal(), xxx_hash()
functions for your new key type.  IMO, the key types and functions
should all be outside of reassemble.c, so that that file does not need
to be touched when a key type is added or changed (the reassemble.c file
structure does not currently support this).

Depending on the characteristics of the protocol you are reassembling,
you may find other limitations in reassemble.c.


From: Liu Chunfang-CCL083
Sent: Friday, May 07, 2010 3:28 PM
To: 'wireshark-dev@xxxxxxxxxxxxx'
Subject: Question regarding the reassembled_key

All,
 
I have a special reassemble case. In my case, all the fragments need to be reassembled are in the same frame. Currently the reassembled_key in the reassemble.c file is defined as:
 
typedef struct _reassembled_key {
 guint32 id;
 guint32 frame;
} reassembled_key;
So from the first to the last fragment can get the reassembled message and be decoded several times. See an example in following GUI. Anyone has any idea how can I fix this?
 
 
Thanks,
Chunfang