Wireshark mailing list archives
Re: complex problem
From: Marcel Haas <inf462 () Fh-Worms DE>
Date: Wed, 26 Oct 2011 10:56:59 +0200
On Tue, 18 Oct 2011 13:49:55 -0400, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
> Marcel Haas wrote:
>> On Thu, 13 Oct 2011 09:03:38 -0400, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
>>> Marcel Haas wrote:
>>>> Hey,
>>>> maybe the problem isn't so complex to solve but it's complex for me to explain. :)
>>>> I have written my own reassemble code and it seems to work. But I have one big problem.
>>>> If I set the filter and click apply, it works, because it goes through every packet.
>>>> And I get my reassemble msg after the packet, but if I now click at the reassemble packet there is no reassemble tvb.
>>>> I know the reason for that, cause he interprets every packet one on one.
>>>>
>>>> Example: Filter is set, click at Apply
>>>> Packet: 1 -frag
>>>> Packet: 2 -frag
>>>> Packet: 3 -Reassemble (last frag)
>>>>
>>>> If I click at Packet 3 he interprets only packet 3. He doesn't see packet 1 2 and so he builds no Reass Tvb.
>>>
>>> The part about not seeing packets 1 and 2 when clicking on packet 3 is correct. You must do all your reassembly in the first pass (read: even when !tree--which it appears you're doing) and it must be stored in such a way that when it's (only) re-dissecting packet 3 it will have the data from packets 1 and 2 available to it. I suspect that your custom reassembly routine isn't doing this latter part.
>>>
>>> (Yes, this means that Reassembly requires using lots of memory. See http://wiki.wireshark.org/KnownBugs/OutOfMemory .)
>>> ___________________________________________________________________________
>>> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
>>> Archives: http://www.wireshark.org/lists/wireshark-dev
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
>>
>> Hmm okay, but e.g. epan/dissectors/packet-atalk.c uses the fragment_add_seq_check function after if(tree) :(
>
> Actually from what I saw of the code snippet you sent, I thought you did NOT have the "reassembly inside if(tree)" problem. That's why I supposed your problem was the 2nd part: you need to store the fragments the first (and only first) time you see the fragment.
>
> pinfo->fd->flags.visited can be used as an indicator to tell your dissector "we've seen this frame before, don't pass it to the reassembly routines."

I have solved it last week. Now I'm using the Wireshark reass function again. I put the reass function before if(tree) and it's working. I don't understand why it doesn't work after if(tree){} but it's working fine now, so I'm happy :)

Regards
Marcel
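
Added example, not part of the original thread and not Wireshark code: a self-contained C model of the behaviour discussed above, where fragments must be stored during the first sequential pass (when no tree is built) and a per-frame visited flag keeps a re-dissected frame out of the reassembly state. All names (dissect, load_then_click_last, cap) and the sample payloads are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NFRAMES 3
#define BUFSZ   64
/* Constructed sample capture: one message split over three frames. */
struct frame { int visited; int last; const char *payload; };
static struct frame cap[NFRAMES];

/* State that must outlive a single dissect() call. */
static char pending[BUFSZ];        /* fragments collected so far */
static char done[NFRAMES][BUFSZ];  /* finished message, keyed by completing frame */

/* Returns the reassembled message if frame n completes one, else NULL.
 * outside_tree=1 stores fragments with or without a tree; 0 only inside if(tree). */
static const char *dissect(int n, int tree, int outside_tree)
{
    struct frame *f = &cap[n];
    if ((outside_tree || tree) && !f->visited) {  /* store on first visit only */
        strncat(pending, f->payload, BUFSZ - strlen(pending) - 1);
        if (f->last) {
            strcpy(done[n], pending);
            pending[0] = '\0';
        }
    }
    return done[n][0] ? done[n] : NULL;
}

/* Load the capture (sequential pass, no tree), then click the last frame twice. */
static const char *load_then_click_last(int outside_tree)
{
    static const char *parts[NFRAMES] = { "GET /", "index", ".html" };
    memset(done, 0, sizeof done);
    pending[0] = '\0';
    for (int i = 0; i < NFRAMES; i++) {
        cap[i] = (struct frame){ 0, i == NFRAMES - 1, parts[i] };
        dissect(i, 0, outside_tree);  /* first pass: no tree */
        cap[i].visited = 1;           /* the driver marks the frame as seen */
    }
    dissect(NFRAMES - 1, 1, outside_tree);         /* first click, with a tree */
    return dissect(NFRAMES - 1, 1, outside_tree);  /* second click, same answer */
}

int main(void)
{
    const char *r = load_then_click_last(1);
    printf("outside if(tree): %s\n", r ? r : "(none)");
    r = load_then_click_last(0);
    printf("inside  if(tree): %s\n", r ? r : "(none)");
    return 0;
}
```

In this model the inside-if(tree) variant never sees fragments 1 and 2, because they pass through only when no tree is requested, so clicking frame 3 finds nothing stored.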