Wireshark-dev: [Wireshark-dev] Someone please help me on this Reassemly fragmentation
i have a off-line capture file..
iam developing dissector for customised protocol
i have a old ethereal tool for the same protocol now iam developing in wireshark.
My message pdu got 3 different message types
1. Beginning of message
2. continuation of message
3. end of message
in one Frame at a time it can receive any one of this message
when it End of message sequence comes i need to reassemble whole PDU
| Frame Number | Message type | pollflag | NS (sequence Number) | NR (SEquence ID) | |||
| 283 | Beginning of message | 0 | 0 | 0 | |||
| 343 | End of message | 0 | 1 | 0 | -> Reassembly done here | ||
| 379 | Beginning of message | 0 | 2 | 1 | |||
| 414 | Continuation of message | 0 | 3 | 1 | |||
| 416 | Continuation of message | 0 | 4 | 1 | |||
| 417 | End of Message | 1 | 5 | 1 | -> Reassembly done here | ||
| 536 | Beginning of message | 0 | 6 | 2 | |||
| 541 | End of meassage | 0 | 7 | 2 | -> Reassembly done here | ||
I have used my code structure like this
guint32 rem_length;
guint8 iflag,pf,stype,flag_sel,num_sel,i,sflag; //
guint32 pdu_len;
guint8 save_fragmented;
gboolean more_frags = FALSE;
gboolean need_frag = FALSE;
const *data = ""
//tvbuff_t *try_tvb = NULL;
//proto_item *frag_tree_item;
tvbuff_t *rass_tvb = NULL;
tvbuff_t *mns_tvb = NULL;
guint32 msg_seqid;
guint32 mns_seqid = 0;
guint32 mns_seqnum = 0;
fragment_head *frag_msg = NULL;
gboolean reassembled = FALSE;
//guint32 reassembled_in = 0;
tvbuff_t * res_tvb = NULL;
fragment_head * frag_head = NULL;
proto_tree *ptree = NULL;
ptree = proto_tree_get_parent(tree);
pf = (tvb_get_guint8(next_tvb, offset_payload) & 0x40) >>6 ; // Bit 7 pf
mns_seqnum = (tvb_get_ntohs(next_tvb, offset_payload) & 0x3ff00000) >>20; // 10 Bits are ns
offset_payload +=1;
mns_seqid = (tvb_get_ntohs(next_tvb, offset_payload) & 0x0ffc0000) >>18; // 10 bits are nr
offset_payload +=1;
stype = (tvb_get_guint8(next_tvb, offset_payload) & 0x03) ; // 2 bits LSB are Stype
offset_payload -=2;
FT_BCnPDU_item = proto_tree_add_text(tree, next_tvb, offset_payload, bctsdu_length, "BCnPDU (Formatted) : Information, I flag = 0x%02x, Pf = 0x%02x, Ns = 0x%02x, Nr = 0x%02x ", iflag,pf,mns_seqnum,mns_seqid );
FT_BCnPDU_tree = proto_item_add_subtree(FT_BCnPDU_item, ett_FT_BCnPDU);
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, " bctsdu_length: %d", bctsdu_length);
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "I flag : 0x%02x (%s)", iflag,val_to_str(iflag,true_false_vals,"%s"));
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "Pf : 0x%02x (%d)", pf,pf);
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 2, "Ns : 0x%02x (%d)", mns_seqnum,mns_seqnum);
offset_payload +=1;
bctsdu_length-=1;
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 2, "Nr : 0x%02x (%d)", mns_seqid,mns_seqid);
offset_payload +=1;
bctsdu_length-=1;
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "BCnSegType : 0x%02x (%s)", stype,val_to_str(stype,BCn_Seg_Type_vals,"%s"));
offset_payload +=1;
bctsdu_length-=1;
switch (stype){
case 0x00: // Continuation of Message
msg_seqid=1;
bctsdu_length+=1;
rem_length = bctsdu_length;
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length , "PDU data : %d", rem_length);
break;
case 0x01: // Beginning of Message
msg_seqid=0;
BCnPDU_stype_item = proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "%s",val_to_str(stype,BCn_Seg_Type_vals,"%s"));
BCnPDU_stype_tree = proto_item_add_subtree(BCnPDU_stype_item, ett_BCnPDU_stype);
BCnPDU_bom_item = proto_tree_add_text(BCnPDU_stype_tree, next_tvb, offset_payload, 1, "MACSAPFLAGS");
BCnPDU_bom_tree = proto_item_add_subtree(BCnPDU_bom_item, ett_BCnPDU_bom);
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x80) >>7 ; // Bit 8 - Flow Control
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Flow Control : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x40) >>6 ; // Bit 7 - Reserved l
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Reserved l : 0x%02x (%d)", temp_val,temp_val);
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x20) >>5 ; // Bit 6 - Expedited
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Expedited : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x10) >>4 ; // Bit 5 - OAM PDU Flag
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "OAM PDU Flag : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x08) >>3 ; // Bit 4 - Reserved 2
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Reserved 2 : 0x%02x (%d)", temp_val,temp_val);
pdu_len = (tvb_get_ntohl(next_tvb, offset_payload) & 0x07ff0000) >>16; // PDU Length - 11 Bits
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 2, "PDU Length : 0x%02x (%d)", pdu_len,pdu_len);
offset_payload+=2;
bctsdu_length-=2;
if (rem_length >= pdu_len){
rem_length-=2;
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data (if) : %d ", rem_length);
} else {
proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data (else) : %d ", rem_length);
}
break;
case 0x02: // End of Message
msg_seqid=2;
bctsdu_length+=2;
more_frags=TRUE;
rem_length = bctsdu_length;
rem_length-=2;
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length , "PDU data : %d", rem_length);
disable_CRC=1;
break;
case 0x03: // Single Segment Message
// No need of fragmentation and reassembly
offset_payload+=1;
bctsdu_length-=1;
if (bctsdu_length>0){
ALSIGPDU(next_tvb, pinfo, tree);
}
break;
}
if ( stype==0x01 || stype==0x02 || stype==0x00 ){
pinfo->fragmented = TRUE;
save_fragmented = pinfo->fragmented;
frag_head = fragment_add_check(&mns_reassembly_table,
next_tvb,
offset_payload,
pinfo,
msg_seqid,
NULL,
mns_seqid,
pdu_length,
((msg_seqid == 2)?0:1));
if (frag_head != NULL) {
col_append_str(pinfo->cinfo, COL_INFO, " [Fragment Successful]");
} else {
col_append_str(pinfo->cinfo, COL_INFO, " [Fragment Not Successful]");
}
save_fragmented = pinfo->fragmented;
pinfo->fragmented = FALSE;
res_tvb = process_reassembled_data( next_tvb, offset_payload, pinfo, "Reassembled PDU", frag_head, &mns_frag_items, NULL, FT_BCnPDU_tree );
save_fragmented = pinfo->fragmented;
pinfo->fragmented = FALSE;
if (res_tvb) {
col_append_str(pinfo->cinfo, COL_INFO, " [mns reassembled]");
} else {
col_append_str(pinfo->cinfo, COL_INFO, "[mns not reassembled ]");
}
offset_payload+=rem_length;
bctsdu_length-=rem_length;
}
- Follow-Ups:
- Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation
- From: Pascal Quantin
- Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation
- Prev by Date: Re: [Wireshark-dev] Can we put android phone device connected over USB to Win 7 PC in promiscous mode?
- Next by Date: Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation
- Previous by thread: Re: [Wireshark-dev] Protocol Export objects - New Dissector Development
- Next by thread: Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation
- Index(es):