Wireshark mailing list archives

Re: Question regarding the reassembled_key

From: "Liu Chunfang-CCL083" <ChunfangLiu () motorola com>
Date: Thu, 20 May 2010 18:13:53 -0400

If  I redefine the reassembled_key structure and rewrite those functions
you mentioned below, I also need to rewrite a lot of functions defined
in the reassemble.c. Because currently I just write plugin dissectors
and only give the plugin dissectors to our user,  I do not want to
modify the reassemble.c file and create a private version wireshark for
our user.
 
I'd like to redefine the reassembled_key as following:
 
typedef struct _reassembled_key {
 guint32 id;
 guint32 frame;
 guint32 frag_number;
} reassembled_key;

Can this be added to wish list?
 
Thanks,
Chunfang
 
________________________________

From: "Mike Morrin" <Mike.Morrin () ipaccess com>
Date: Sun, 9 May 2010 08:27:27 +0100

[mm] You probably need to define a new key structure that allows the
fragments to be uniquely keyed.

You will need to write new xxx_key_copy(), xxx_equal(), xxx_hash()
functions for your new key type.  IMO, the key types and functions
should all be outside of reassemble.c, so that that file does not need
to be touched when a key type is added or changed (the reassemble.c file
structure does not currently support this). 

Depending on the characteristics of the protocol you are reassembling,
you may find other limitations in reassemble.c.


________________________________

From: Liu Chunfang-CCL083 
Sent: Friday, May 07, 2010 3:28 PM
To: 'wireshark-dev () wireshark org'
Subject: Question regarding the reassembled_key


All,
 
I have a special reassemble case. In my case, all the fragments need to
be reassembled are in the same frame. Currently the reassembled_key in
the reassemble.c file is defined as:
 
typedef struct _reassembled_key {
 guint32 id;
 guint32 frame;
} reassembled_key;

So from the first to the last fragment can get the reassembled message
and be decoded several times. See an example in following GUI. Anyone
has any idea how can I fix this?
 
 
 
Thanks,
Chunfang

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Question regarding the reassembled_key Liu Chunfang-CCL083 (May 08)
- Re: Question regarding the reassembled_key Mike Morrin (May 09)
- <Possible follow-ups>
- Re: Question regarding the reassembled_key Liu Chunfang-CCL083 (May 22)
  - Re: Question regarding the reassembled_key Stephen Fisher (May 22)