Wireshark mailing list archives
Re: complex problem
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 27 Oct 2011 10:53:13 -0400
Marcel Haas wrote:
> On Tue, 18 Oct 2011 13:49:55 -0400, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
>> Marcel Haas wrote:
>>> On Thu, 13 Oct 2011 09:03:38 -0400, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
>>>> Marcel Haas wrote:
>>>>> Hey,
>>>>> maybe the problem isn't so complex to solve but it's complex for me to explain. :)
>>>>> I have written my own reassemble code and it seems to work.
>>>>> But I have one big problem.
>>>>> If I set the filter and click Apply, it works, because it goes through every packet.
>>>>> And I get my reassemble msg after the packet, but if I now click at the reassemble packet there is no reassemble tvb.
>>>>> I know the reason for that, because he interprets every packet one by one.
>>>>>
>>>>> Example:
>>>>> Filter is set, click at Apply
>>>>> Packet: 1 - frag
>>>>> Packet: 2 - frag
>>>>> Packet: 3 - Reassemble (last frag)
>>>>>
>>>>> If I click at Packet 3 he interprets only packet 3. He doesn't see packet 1 2 and so he builds no Reass Tvb.
>>>>
>>>> The part about not seeing packets 1 and 2 when clicking on packet 3 is correct. You must do all your reassembly in the first pass (read: even when !tree--which it appears you're doing) and it must be stored in such a way that when it's (only) re-dissecting packet 3 it will have the data from packets 1 and 2 available to it. I suspect that your custom reassembly routine isn't doing this latter part.
>>>>
>>>> (Yes, this means that Reassembly requires using lots of memory. See http://wiki.wireshark.org/KnownBugs/OutOfMemory .)
>>>
>>> Hmm okay, but e.g. epan/dissectors/packet-atalk.c uses the fragment_add_seq_check function after if(tree) :(
>>
>> Actually from what I saw of the code snippet you sent, I thought you did NOT have the "reassembly inside if(tree)" problem.
>>
>> That's why I supposed your problem was the 2nd part: you need to store the fragments the first (and only first) time you see the fragment. pinfo->fd->flags.visited can be used as an indicator to tell your dissector "we've seen this frame before, don't pass it to the reassembly routines."
>
> I have solved it last week.. now I'm using the Wireshark reass function again. I put the reass function before if(tree) and it's working.
> I don't understand why it doesn't work after if(tree){} but it's working fine now, so I'm happy :)

The problem is that the code inside if(tree) does not necessarily see every frame (because tree is generally NULL on the first complete pass through the file). Reassembly has to see every frame in order to work.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
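
The two-pass behaviour discussed in this thread, as an added stand-alone C model (not Wireshark code and not code from the thread): a first pass over every frame with no tree, then a click that re-dissects only frame 3. `struct frame`, `reassemble`, `dissect` and `load_then_click` are hypothetical stand-ins for the packet, the reassembly routine, the dissector and the GUI actions; the three-frame capture is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed capture frame; `visited` stands in for pinfo->fd->flags.visited. */
struct frame { int num; int visited; int last; const char *payload; };

static char partial[64];   /* fragments collected so far (first pass only) */
static char done[8][64];   /* reassembled message, keyed by the final frame's number */

/* Hypothetical reassembly routine: store a fragment only the first time its
   frame is seen; on any later visit just look up what was stored. */
static const char *reassemble(struct frame *f)
{
    if (!f->visited) {
        strncat(partial, f->payload, sizeof partial - strlen(partial) - 1);
        if (f->last) { strcpy(done[f->num], partial); partial[0] = '\0'; }
    }
    return done[f->num][0] ? done[f->num] : NULL;
}

/* tree_only = 1 models reassembly placed inside if (tree); 0 models it before. */
static const char *dissect(struct frame *f, int have_tree, int tree_only)
{
    const char *msg = NULL;
    if (!tree_only || have_tree)
        msg = reassemble(f);
    f->visited = 1;   /* in this model, a frame counts as visited after one dissection */
    return msg;
}

/* First pass over every frame with no tree, then a click re-dissects frame 3 alone. */
static const char *load_then_click(int tree_only)
{
    struct frame cap[] = { {1, 0, 0, "AB"}, {2, 0, 0, "CD"}, {3, 0, 1, "EF"} };
    partial[0] = '\0';
    memset(done, 0, sizeof done);
    for (int i = 0; i < 3; i++)
        dissect(&cap[i], 0, tree_only);
    return dissect(&cap[2], 1, tree_only);
}

int main(void)
{
    const char *r = load_then_click(0);
    printf("before if (tree): %s\n", r ? r : "(no reassembled data)");
    r = load_then_click(1);
    printf("inside if (tree): %s\n", r ? r : "(no reassembled data)");
    return 0;
}
```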