Re: [Wireshark-dev] Reassembling Packets need some help plz
Hi Marcel,

I did some work on those reassembly routines a few years ago, but I can only really repeat what Chris has said and encourage you to stick with it.

I think you're doing the right thing with fragment_add_seq_check, so I'm not sure why it's always returning a NULL fragment_data. The main thing I would suggest would be to step through it with a debugger, and see whether its behaviour matches the comments. I certainly wouldn't rule out a bug in the reassembly routines, but I think that what you're doing is sufficiently standard that it's unlikely you've found an edge-case.

On 26/09/11 08:43, Marcel Haas wrote:
> ...
> My solution atm is to write my own code to reassemble split packets.
> But this isn't that easy :)
> My code runs good without wireshark, now I have to build it in.

Reassembling your own fragments does sound like hard work. Remember that in Wireshark, your dissector may not see the packets in the right order, may be called several times for each packet, etc. Getting your code to work with the facilities already in the codebase sounds like a more sensible endeavour to me.

Good luck,
Richard

___
Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Reassembling Packets need some help plz
First of all, thx Chris for the answer.

The problem is that my packet isn't split by TCP or UDP but split by itself. It is only transported by UDP (UDP header).
The question is: can I actually use fragment_add_seq_check to split my packets?

I've been looking at this problem for 2 weeks now. Makes me go crazy :) I'm running out of time.

My solution atm is to write my own code to reassemble split packets. But this isn't that easy :)
My code runs good without wireshark, now I have to build it in.

But if anyone has a solution for my fragment_add_seq_check problem I would be very thankful.

Thanks and regards
Marcel
Re: [Wireshark-dev] Reassembling Packets need some help plz
Marcel Haas inf462@... writes:
> Nobody an idea ?

Hi Marcel,

I'm sorry to say that I don't have any helpful advice for you. The problem is that reassembly can be very complicated, as you've discovered I'm sure. My personal experience with reassembly is limited, and fortunately for me, I've been lucky enough to be able to make use of tcp_dissect_pdus() to do the most difficult work for me. In your case however, you're apparently not so lucky.

But please don't be discouraged by the lack of feedback from the list. I think it only means that your situation is complicated and nobody has a very good solution for you or the time to really think through it thoroughly enough to provide you with some meaningful enough assistance.

I hope you are able to work through your problem and come up with a solution. And if you do, you might even be so gracious as to share your results so that others can benefit from your experience.

- Chris

P.S. This same message also goes out to Martin Kaiser, who queried about similar complicated reassembly back in August ... although I *think* Martin was able to resolve his issue as I no longer find an open DVB-related bug with his name on it. (See http://www.wireshark.org/lists/wireshark-dev/201108/msg00243.html)
Re: [Wireshark-dev] Reassembling Packets need some help plz
Nobody an idea ?

On Tue, 20 Sep 2011 14:43:04 +0200, Marcel Haas inf...@fh-worms.de wrote:
> Hello,
>
> I'm just writing my first dissector and I have some problems with the reassembling.
> My protocol contains some fields for Snode = ID, Packetnumber and total packets.
> I get them with
>
>     snode  = tvb_get_guint8(tvb, offset); offset += 1;
>     pnum   = tvb_get_guint8(tvb, offset); offset += 1;
>     totalp = tvb_get_guint8(tvb, offset);
>
> Example for a packet split into 3:
>
>     Snode=12 pnum=1 total=3
>     Snode=12 pnum=2 total=3
>     Snode=12 pnum=3 total=3
>
> The packet consists of a Trans Header, an App Header and Data.
> If it's fragmented, only the first packet consists of tran, app and data; the other fragments consist only of trans and data.
> For the reassembled tvb only the data is important.
> The length of the trans header is given in a field loh.
>
> I think my fragment_add_seq_check function doesn't work right, because every time I get a 0 returned.
>
> thx.
>
> Code:
>
>     save_fragmented = pinfo->fragmented;
>     if (totalp > 1 && pnum <= totalp) { // check if it has to be reassembled
>         if (pnum == 1) {
>             offset2 = loh + 20; // First packet, Packet with Tran + App Header, App Header = 20 Byte
>         } else {
>             offset2 = loh; // Not First Packet, only trans header
>         }
>         if (totalp == pnum) {
>             more_frag = FALSE; // Total Packet == pnum = Last Packet, set more_frags = FALSE
>         } else {
>             more_frag = TRUE; // Not Last Packet = set more_frags = TRUE
>         }
>         msg_seqid = snode;
>         msg_num = pnum - 1;
>         pinfo->fragmented = TRUE;
>         frag_msg = fragment_add_seq_check(tvb, offset2, pinfo,
>             msg_seqid,                          // ID for fragments belonging together
>             msg_fragment_table,                 // list of message fragments
>             msg_reassembled_table,              // list of reassembled messages
>             msg_num,                            // fragment sequence number
>             tvb_length_remaining(tvb, offset2), // fragment length - to the end
>             more_frag);                         // More Frag
>         printf("%d", (int)frag_msg); // take PRINTF out again
>         new_tvb = process_reassembled_data(tvb, offset2, pinfo,
>             "Reassembled Message", frag_msg, &msg_frag_items, NULL, nos_tree);
>         if (frag_msg) { // Reassembled
>             col_append_str(pinfo->cinfo, COL_INFO, " (Message Reassembled)");
>         } else { // Not last packet of reassembled Short Message
>             col_append_fstr(pinfo->cinfo, COL_INFO, " (Message fragment %u)", msg_num);
>             col_append_fstr(pinfo->cinfo, COL_INFO, " (Frag: %u)", pinfo->fragmented);
>             col_append_fstr(pinfo->cinfo, COL_INFO, " (Visit: %u)", pinfo->fd->flags.visited);
>             col_append_fstr(pinfo->cinfo, COL_INFO, " (Fragmsg: %d)", (int)frag_msg);
>         }
>         if (new_tvb) { // take it all
>             col_append_str(pinfo->cinfo, COL_INFO, " (NEW TVB)");
>             //offset=0;
>             //proto_tree_add_item(nos_tree, hf_nos_data, new_tvb, offset, -1, FALSE);
>             next_tvb = new_tvb;
>         } else { // make a new subset
>             next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
>         }
>     } else { // Not fragmented
>         next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
>     }
>     pinfo->fragmented = save_fragmented;
[Wireshark-dev] Reassembling Packets need some help plz
Hello,

I'm just writing my first dissector and I have some problems with the reassembling.
My protocol contains some fields for Snode = ID, Packetnumber and total packets.
I get them with

    snode  = tvb_get_guint8(tvb, offset); offset += 1;
    pnum   = tvb_get_guint8(tvb, offset); offset += 1;
    totalp = tvb_get_guint8(tvb, offset);

Example for a packet split into 3:

    Snode=12 pnum=1 total=3
    Snode=12 pnum=2 total=3
    Snode=12 pnum=3 total=3

The packet consists of a Trans Header, an App Header and Data.
If it's fragmented, only the first packet consists of tran, app and data; the other fragments consist only of trans and data.
For the reassembled tvb only the data is important.
The length of the trans header is given in a field loh.

I think my fragment_add_seq_check function doesn't work right, because every time I get a 0 returned.

thx.

Code:

    save_fragmented = pinfo->fragmented;
    if (totalp > 1 && pnum <= totalp) { // check if it has to be reassembled
        if (pnum == 1) {
            offset2 = loh + 20; // First packet, Packet with Tran + App Header, App Header = 20 Byte
        } else {
            offset2 = loh; // Not First Packet, only trans header
        }
        if (totalp == pnum) {
            more_frag = FALSE; // Total Packet == pnum = Last Packet, set more_frags = FALSE
        } else {
            more_frag = TRUE; // Not Last Packet = set more_frags = TRUE
        }
        msg_seqid = snode;
        msg_num = pnum - 1;
        pinfo->fragmented = TRUE;
        frag_msg = fragment_add_seq_check(tvb, offset2, pinfo,
            msg_seqid,                          // ID for fragments belonging together
            msg_fragment_table,                 // list of message fragments
            msg_reassembled_table,              // list of reassembled messages
            msg_num,                            // fragment sequence number
            tvb_length_remaining(tvb, offset2), // fragment length - to the end
            more_frag);                         // More Frag
        printf("%d", (int)frag_msg); // take PRINTF out again
        new_tvb = process_reassembled_data(tvb, offset2, pinfo,
            "Reassembled Message", frag_msg, &msg_frag_items, NULL, nos_tree);
        if (frag_msg) { // Reassembled
            col_append_str(pinfo->cinfo, COL_INFO, " (Message Reassembled)");
        } else { // Not last packet of reassembled Short Message
            col_append_fstr(pinfo->cinfo, COL_INFO, " (Message fragment %u)", msg_num);
            col_append_fstr(pinfo->cinfo, COL_INFO, " (Frag: %u)", pinfo->fragmented);
            col_append_fstr(pinfo->cinfo, COL_INFO, " (Visit: %u)", pinfo->fd->flags.visited);
            col_append_fstr(pinfo->cinfo, COL_INFO, " (Fragmsg: %d)", (int)frag_msg);
        }
        if (new_tvb) { // take it all
            col_append_str(pinfo->cinfo, COL_INFO, " (NEW TVB)");
            //offset=0;
            //proto_tree_add_item(nos_tree, hf_nos_data, new_tvb, offset, -1, FALSE);
            next_tvb = new_tvb;
        } else { // make a new subset
            next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
        }
    } else { // Not fragmented
        next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
    }
    pinfo->fragmented = save_fragmented;
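
Added example, not code from this thread and not Wireshark's reassembly API: a stand-alone sketch of what a hand-rolled reassembler for the snode/pnum/totalp fields in the original post has to handle given Richard's warning, namely fragments arriving out of order, the same fragment being delivered more than once, and header values that must be bounded before they index anything. `frag_add`, `struct reasm` and the two size caps are hypothetical names, and it assumes one in-flight message per snode.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_FRAGS 16     /* assumed cap on totalp */
#define MAX_FRAG_LEN 64  /* assumed cap on payload bytes per fragment */

struct reasm {           /* hypothetical per-message state, keyed by snode */
    uint8_t total;       /* totalp of the first fragment seen; 0 = unused */
    uint8_t have[MAX_FRAGS];
    uint8_t len[MAX_FRAGS];
    uint8_t data[MAX_FRAGS][MAX_FRAG_LEN];
};
static struct reasm table[256];

/* Returns the reassembled length once every fragment is present (bytes are
 * copied to out), 0 while fragments are missing, -1 if the input is rejected. */
int frag_add(uint8_t snode, uint8_t pnum, uint8_t totalp,
             const uint8_t *payload, size_t n, uint8_t *out, size_t cap)
{
    struct reasm *r = &table[snode];
    size_t off = 0;
    /* Header fields come off the wire: bound them before indexing. */
    if (totalp < 2 || totalp > MAX_FRAGS || pnum < 1 || pnum > totalp ||
        n > MAX_FRAG_LEN || (r->total != 0 && r->total != totalp))
        return -1;
    r->total = totalp;
    if (!r->have[pnum - 1]) {          /* repeated delivery changes nothing */
        memcpy(r->data[pnum - 1], payload, n);
        r->len[pnum - 1] = (uint8_t)n;
        r->have[pnum - 1] = 1;
    }
    for (int i = 0; i < r->total; i++) /* any order: done when all slots set */
        if (!r->have[i])
            return 0;
    for (int i = 0; i < r->total; i++) {
        if (r->len[i] > cap - off)
            return -1;                 /* caller's buffer is too small */
        memcpy(out + off, r->data[i], r->len[i]);
        off += r->len[i];
    }
    return (int)off;
}

int main(void)
{
    uint8_t out[32];   /* constructed input: fragment 2 of 2 arrives first */
    frag_add(12, 2, 2, (const uint8_t *)"lo", 2, out, sizeof out);
    printf("%d\n", frag_add(12, 1, 2, (const uint8_t *)"hel", 3, out, sizeof out));
    return 0;
}
```

State for a snode is never cleared here, so a second fragmented message from the same node would need a reset or a per-message identifier that the post does not describe.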