Re: [Help_Wireshark] difference between fragmentation reassembly functions

[Pascal Quantin <pascal.quantin () gmail com>]

Le 5 juil. 2017 07:16, "hhw hhw" <hhw.hhw7 () gmail com> a écrit :

according to answer of this question ( https://ask.wireshark.org/ques
tions/61818/how-to-reassemble-fragments-in-a-dissector-by-
fragment_add_seq_check-function ), I need to use fragment_add_check(), but if
i use fragment_add_check function packets 1,2,3 reassembled incorrectly and
hf_msg_fragment_overlap fields is true, and packets 4,5,6 aren't
reassembled.


It's up to you: either you follow my explanation of why your reassembly
fails and you modify your code accordingly (and it will work) or you
continue not listening to advices.
In my first reply I told you how to use fragment_add_check (I got it
working with the sample you posted on ask site) and why you should probably
avoid it.


On Wed, Jul 5, 2017 at 9:39 AM, hhw hhw <hhw.hhw7 () gmail com> wrote:

> i stopped using morefrag because i want to show start and end of a
> reassembling process.   and my messages always dont have up to 3
> fragments.
>
> On Wed, Jul 5, 2017 at 9:36 AM, Pascal Quantin <pascal.quantin () gmail com>
> wrote:
>
> > [once more, please keep wireshark-bugs mailing list in copy, thanks]
> >
> >
> > Le 5 juil. 2017 06:41, "hhw hhw" <hhw.hhw7 () gmail com> a écrit :
> >
> > hi pascal. thank you very very... much.
> > i shall change my dissector code. Now, my packets are like :
> > packet nb  sequence id    sequence number  message type
> > 1          16             0                0 Begin
> > 2          16             1                1 Continue
> > 3          16             2                2 End (more_frag=FALSE)
> > ----------------------------------------------------------------------
> >
> > 4          5              11               0 Begin
> > 5          5              12               1 Continue
> > 6          5              13               2 End  (more_frag=FALSE)
> > -----------------------------------------------------------------------
> >
> > 7          16             20               0 Begin
> > 8          16             21               1 Continue
> > 9          16             22               2 End (more_frag=FALSE)
> >
> > i use messagetype instead of morefrag. When messagetype=2 it means
> > more_frag=FALSE and  this should complete reassembly.but i have problem,
> > and packets 4,5,6 and packets 7,8,9  aren't reassembled.
> > my fragment may start at any sequence number (zero or non zero) . if an
> > END message has been received a sequence id can assaign to another groups
> > of packets( like id =16) .can you HELP me?
> >
> >
> > As I already explained in my previous message, the reassembly API expects
> > the frag_number parameter to start from 0 for the first fragment of a given
> > message and increase by 1 for each new fragment of the same message. If you
> > apply this rule it will just work.
> > I don't know why you stopped using morefrag (which was perfectly fine)
> > but if your messages always have up to 3 fragments you could use the
> > message type as frag_number. If you can have several Continue packets for
> > the same message, then you need to find another way to provide the
> > frag_number parameter.
> >
> > Best regards,
> > Pascal.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe