Wireshark-dev: [Wireshark-dev] Need Your Support on Reassembling of packets
From: Raj sekar <mrajsekar@xxxxxxxxx>
Date: Wed, 3 Dec 2014 18:54:12 +0800
Hi All,
greetings!
Iam Developing Custom Dissector and i have almost finished and got stuck in Reassemble of packets.
I have been posting question on wireshark website and could not get the solution.
PLEASE HELP ME ON THIS !
My code is below and do not know whats wrong in this. Reassembly TVB itself not created.
I have also posted questions here
Please Help!
Thanks!
Best Regards,
Raj
guint8 flag,poll,stype,sflag,flag_sel,num_sel,i;
guint16 seq_num_s,seq_num_r;
guint32 rem_length;
guint8 save_fragmented;
coseq_num_st guint32 mte_seqid=0;
coseq_num_st void *data = NULL;
gboolean more_frags=TRUE;
proto_item *frag_tree_item;
flag = (tvb_get_guint8(next_tvb, offset_payload) & 0x80) >>7 ; // Bit 8 to check i pdu /s pdu or sseg pdu
if (flag == 0x00){ // flag "0" is for i-pdu
poll = (tvb_get_guint8(next_tvb, offset_payload) & 0x40) >>6 ; // Bit 7 poll
seq_num_s = (tvb_get_ntohs(next_tvb, offset_payload) & 0x3ff0) >>4 ; // 10 Bits are seq_num_s
offset_payload +=1;
seq_num_r= (tvb_get_ntohs(next_tvb, offset_payload) & 0x0ffc) >>2 ; // 10 bits are seq_num_r
offset_payload +=1;
stype = (tvb_get_guint8(next_tvb, offset_payload) & 0x03) ; // 2 bits LSB are Stype
offset_payload -=2;
FT_connPDU_item = proto_tree_add_text(tree, next_tvb, offset_payload, sdu_length, "BCnPDU (Formatted) : Information, I flag = 0x%02x, poll = 0x%02x, seq_num_s = 0x%02x, seq_num_r = 0x%02x ", iflag,poll,seq_num_s,seq_num_r );
FT_connPDU_tree = proto_item_add_subtree(FT_connPDU_item, ett_FT_BCnPDU);
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 1, " sdu_length: %d", sdu_length);
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 1, "flag : 0x%02x (%s)", iflag,val_to_str(iflag,true_false_vals,"%s"));
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 1, "poll : 0x%02x (%d)", poll,poll);
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 2, "seq_num_s : 0x%02x (%d)", seq_num_s,seq_num_s);
offset_payload +=1;
sdu_length-=1;
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 2, "seq_num_r : 0x%02x (%d)", seq_num_r,seq_num_r);
offset_payload +=1;
sdu_length-=1;
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 1, "BConseq_num_segType : 0x%02x (%s)", stype,val_to_str(stype,BCn_Seg_Type_vals,"%s"));
offset_payload +=1;
sdu_length-=1;
switch (stype){
case 0x00: // Continuation of Message
sdu_length+=1;
rem_length = (guint32) sdu_length;
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, rem_length , "PDU data : %d", rem_length);
offset_payload +=rem_length;
sdu_length-=rem_length;
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 1 , "sdu_length: %d", sdu_length);
save_fragmented = pinfo->fragmented;
pinfo->fragmented = TRUE;
mte_frag_msg = fragment_add_seq_next(&mte_reassembly_table,next_tvb, offset_payload, pinfo, mte_seqid, NULL, rem_length, more_frags);
pinfo->fragmented = save_fragmented;
col_set_str(pinfo->cinfo, COL_INFO, " mte segment of a reassembled PDU");
if (sdu_length>0){
SIG_PDU(next_tvb, pinfo, tree);
}
break;
case 0x01: // Beginning of Message
BCnPDU_stype_item = proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, 1, "%s",val_to_str(stype,BCn_Seg_Type_vals,"%s"));
BCnPDU_stype_tree = proto_item_add_subtree(BCnPDU_stype_item, ett_BCnPDU_stype);
BCnPDU_bom_item = proto_tree_add_text(BCnPDU_stype_tree, next_tvb, offset_payload, 1, "MACSApollLAGS");
BCnPDU_bom_tree = proto_item_add_subtree(BCnPDU_bom_item, ett_BCnPDU_bom);
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x80) >>7 ; // Bit 8 - Flow Control
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Flow Control : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x40) >>6 ; // Bit 7 - Reserved l
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Reserved l : 0x%02x (%d)", temp_val,temp_val);
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x20) >>5 ; // Bit 6 - Expedited
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Expedited : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x10) >>4 ; // Bit 5 - OAM PDU Flag
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "OAM PDU Flag : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x08) >>3 ; // Bit 4 - Reserved 2
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Reserved 2 : 0x%02x (%d)", temp_val,temp_val);
pl_val = (tvb_get_ntohs(next_tvb, offset_payload) & 0x07ff); // PDU Length - 11 Bits
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 2, "PDU Length : 0x%02x (%d)", pl_val,pl_val);
pl_val = (guint32)pl_val;
fragment_set_tot_len(&mte_reassembly_table, pinfo,mte_seqid, NULL, pl_val);
offset_payload+=2;
sdu_length+=2;
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, " sdu_length: %d", sdu_length);
rem_length= (guint32) tvb_length_remaining(next_tvb, offset_payload);
rem_length-=2;
if (rem_length >= pl_val){
rem_length-=2;
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data : %d ", rem_length);
offset_payload+=sdu_length;
} else {
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data : %d ", rem_length);
offset_payload+=rem_length;
}
save_fragmented = pinfo->fragmented;
pinfo->fragmented = TRUE;
mte_frag_msg = fragment_add_seq_next(&mte_reassembly_table, next_tvb, offset_payload, pinfo, mte_seqid, NULL, rem_length, more_frags);
pinfo->fragmented = save_fragmented;
col_set_str(pinfo->cinfo, COL_INFO, " mte segment of a reassembled PDU ");
pinfo->fragmented = save_fragmented;
break;
case 0x02: // End of Message
sdu_length+=2;
more_frags=FALSE;
rem_length = (guint32) sdu_length;
rem_length-=2;
proto_tree_add_text(FT_connPDU_tree, next_tvb, offset_payload, rem_length , "PDU data : %d", rem_length); offset_payload +=rem_length;
disable_CRC=1;
save_fragmented = pinfo->fragmented;
pinfo->fragmented = TRUE;
mte_frag_msg = fragment_add_seq_next(&mte_reassembly_table,next_tvb, offset_payload, pinfo, mte_seqid, NULL, rem_length, more_frags); mte_frag_msg = fragment_get_reassembled_id(&mte_reassembly_table, pinfo, mte_seqid);
//mte_tvb = tvb_new_chain(next_tvb, mte_frag_msg->tvb_data);
mte_tvb = process_reassembled_data(next_tvb, offset_payload, pinfo, "mte Reassembled PDU", mte_frag_msg, &mte_frag_items, NULL, tree );
if (mte_tvb) { /* Reassembled */
try_tvb=mte_tvb;
col_append_str(pinfo->cinfo, COL_INFO,"(Message reassembled) ");
add_new_data_source(pinfo, try_tvb, "Reassembled mte");
show_fragment_tree(mte_frag_msg, &mte_frag_items,tree, pinfo, try_tvb, &frag_tree_item);
} else { /* Not last packet of reassembled message */
col_append_str(pinfo->cinfo, COL_INFO,"(Message fragment) ");
}
pinfo->fragmented = save_fragmented;
if (mte_tvb){
SIG_PDU(mte_tvb, pinfo, tree);
} else {
SIG_PDU(next_tvb, pinfo, tree);
offset_payload+=sdu_length;
}
break;
- Follow-Ups:
- Re: [Wireshark-dev] Need Your Support on Reassembling of packets
- From: Huffman, Joseph
- Re: [Wireshark-dev] Need Your Support on Reassembling of packets
- Prev by Date: Re: [Wireshark-dev] The possibility of a curses based Wireshark
- Next by Date: Re: [Wireshark-dev] Need Your Support on Reassembling of packets
- Previous by thread: Re: [Wireshark-dev] The possibility of a curses based Wireshark
- Next by thread: Re: [Wireshark-dev] Need Your Support on Reassembling of packets
- Index(es):