Wireshark mailing list archives

Problems with dissecting fragmented packets


From: "Yosi Saggi" <yosis () designartnetworks com>
Date: Tue, 16 Nov 2010 14:20:31 +0200

Hi,

I'm writing a dissector for our LTE PHY packets. I have started working
on fragmented packets. These are Ethernet packets that are fragmented
with some proprietary limitation. Nevertheless we have a PI header
(under the Ethernet header) that is always there in any fragment. The PI
header contains what I thought is sufficient data for the fragment
functions such as: size - the size of the PI message payload, Fragment
(full, first, mid and last, indicating which part of the
fragmented packet we are in) and sequence - message sequence index. I have
used the "fragment_add_seq_check()" and the "process_reassembled_data()"
functions to reassemble the packets but with no success. I get no
reassembled packets. Only an indication on the fragments. I followed the
"How to reassemble split packet" section 9.4 in the developers guide. I
also went through the code over and over and see no problem. It seems
that there is no use for the "LAST" indication of the fragmentation.
After the last one I should have got a reassembled packet.

I am adding screenshots of the capture:

1. All - 3 regular packets and then the data packet is fragmented
   into 4 packets

2. F1 - The first fragmented packet. Its fragment flag field is =
   "1" meaning FIRST

3. F2 - The second fragmented packet. Its fragment flag field is =
   "2" meaning MID (2 and 3 are the same)

4. F4 - The fourth fragmented packet. Its fragment flag field is =
   "3" meaning LAST. This is the indicator meaning there are no more
   fragments belonging to the packet.

I have also added the part of the code I wrote for dissecting the
fragments. You can also see on the screenshots, I have added a few
prints: flags - fragment state, msg_seq - packet sequence, frag_msg and
new_tvb.

Any help will be much appreciated.

Yosi

Attachment: frag_code.txt
Description: frag_code.txt

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
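
The fragment scheme described in the message above, modelled as a stand-alone reassembler. This is an added example, not the poster's frag_code.txt and not Wireshark API code. The post lists no per-fragment index in the PI header, so fragments are numbered in arrival order; PI_FULL = 0, the 16-bit sequence width, the 4096-byte cap and in-order delivery are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Flag values 1..3 are from the post; PI_FULL = 0 is an assumption. */
enum { PI_FULL = 0, PI_FIRST = 1, PI_MID = 2, PI_LAST = 3 };
#define PI_MAX_MSG 4096          /* assumed cap on a reassembled message */

typedef struct {
    int      active;             /* a FIRST was seen and no LAST yet */
    uint16_t seq;                /* message sequence index being collected */
    unsigned next_frag;          /* fragments accepted so far (arrival order) */
    size_t   len;                /* bytes collected in buf */
    uint8_t  buf[PI_MAX_MSG];
} pi_reasm;

/* Feed one fragment. Returns 1 when buf/len hold a complete message,
 * 0 when more fragments are needed, -1 when the fragment is rejected. */
int pi_reasm_add(pi_reasm *r, uint16_t seq, int flag,
                 const uint8_t *data, size_t n)
{
    if (flag == PI_FULL || flag == PI_FIRST) {
        /* Start over; an unfinished earlier message is discarded. */
        r->active = (flag == PI_FIRST);
        r->seq = seq; r->next_frag = 0; r->len = 0;
    } else if (flag == PI_MID || flag == PI_LAST) {
        if (!r->active || r->seq != seq)
            return -1;           /* no FIRST seen for this sequence */
    } else {
        return -1;               /* unknown flag value */
    }
    if (n > PI_MAX_MSG - r->len) {   /* lengths from the wire are untrusted */
        r->active = 0;
        return -1;
    }
    if (n) memcpy(r->buf + r->len, data, n);
    r->len += n;
    r->next_frag++;
    if (flag == PI_FULL || flag == PI_LAST) {
        r->active = 0;           /* LAST (or FULL) completes the message */
        return 1;
    }
    return 0;
}
```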
