Hi Marcel,
I did some work on those reassembly routines a few years ago, but I can
only really repeat what Chris has said and encourage you to stick with
it. I think you're doing the right thing with fragment_add_seq_check, so
I'm not sure why it's always returning a NULL fragment_data. The main
thing I would suggest would be to step through it with a debugger, and
see whether its behaviour matches the comments.
I certainly wouldn't rule out a bug in the reassembly routines, but I
think that what you're doing is sufficiently standard that it's unlikely
you've found an edge-case.
On 26/09/11 08:43, Marcel Haas wrote:
...
My solution atm is to write my own code to reassemble split packets.
But this isn't that easy :)
My code runs good without wireshark, now i have to built it in.
Reassembling your own fragments does sound like hard work. Remember that
in Wireshark, your dissector may not see the packets in the right order,
may be called several times for each packet, etc. Getting your code to
work with the facilities already in the codebase sounds like a more
sensible endeavour to me.
Good luck,
Richard