Wireshark-dev: Re: [Wireshark-dev] [Help_Wireshark] difference between fragmentation reassembly

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Wed, 5 Jul 2017 07:06:10 +0200
[once more, please keep wireshark-bugs mailing list in copy, thanks]

Le 5 juil. 2017 06:41, "hhw hhw" <hhw.hhw7@xxxxxxxxx> a écrit :
hi pascal. thank you very very... much.
i shall change my dissector code. Now, my packets are like :
packet nb  sequence id    sequence number  message type  
1          16             0                0 Begin              
2          16             1                1 Continue               
3          16             2                2 End (more_frag=FALSE)
----------------------------------------------------------------------             
4          5              11               0 Begin               
5          5              12               1 Continue         
6          5              13               2 End  (more_frag=FALSE) 
-----------------------------------------------------------------------   
7          16             20               0 Begin              
8          16             21               1 Continue               
9          16             22               2 End (more_frag=FALSE)      

i use messagetype instead of morefrag. When messagetype=2 it means more_frag=FALSE and  this should complete reassembly.but i have problem, and packets 4,5,6 and packets 7,8,9  aren't reassembled.
my fragment may start at any sequence number (zero or non zero) . if an END message has been received a sequence id can assaign to another groups of packets( like id =16) .can you HELP me?

As I already explained in my previous message, the reassembly API expects the frag_number parameter to start from 0 for the first fragment of a given message and increase by 1 for each new fragment of the same message. If you apply this rule it will just work.
I don't know why you stopped using morefrag (which was perfectly fine) but if your messages always have up to 3 fragments you could use the message type as frag_number. If you can have several Continue packets for the same message, then you need to find another way to provide the frag_number parameter.

Best regards,
Pascal.