Wireshark-dev: Re: [Wireshark-dev] Fragmentation

From: David Aggeler <david_aggeler@xxxxxxxxxx>
Date: Tue, 22 Feb 2011 21:15:36 +0100
Subhasree,

Welcome to the club. Even though my opinion is not shared widely, there's no good TCP reassembly API in place to handle unknown length reassembly at TCP level reliably. If yo know the length, tcp_

It sounds like you need to use 'fragment_add_seq_next()' to add the items to a list and then use 'process_reassembled_data()' to copy the data parts into a new tvb structure and pass it on to the dissector. They are not designed for TCP, but for all protocols, hence they do not obey TCP sessions and TCP sequence numbers.

Even though I do not consider my using in packet-dcm.c a reference, you still may want to look at dissect_dcm_pdv_fragmented() to have a look how I used it for TCP reassembly. There are other dissectors as well that us this at TCP level.

The trick is to get offset right, i.e. matching your protocol. I had to debug the fragment_add_seq_next() to understand it.

Doing this is prone to out of sequence packets and there's no guarantee, that the dissector is called in order of the packets coming in. So that's what I currently live with.

And make sure you do this before filtering by 'if (tree) ..'

Regards
David


Am 21.02.2011 07:56, schrieb Subhasree R:

Hi,

 

 

I am implementing one new protocol over TCP layer. I am implementing fragment_add_check() for fragmentation.

In this protocol, there was no sequence id, i.e 4th parameter.

Could you please help me how to check the upcoming packets as continous packets?

In this protocol, the starting flag is 1 and the ending flag is 0. But ending flag is coming at the 8321 packet only.

I want to display each packet as fragment 1, fragment 2, fragment n.

 

 

Thanks,

Subhasree

 

 



"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe