Wireshark mailing list archives
Re: Reassemble packets decoding - not proper
From: "Rach, Darshan" <DarshanR () nds com>
Date: Wed, 9 Dec 2009 10:45:31 +0530
Hi Regarding the 2nd point, I tried as you have suggested. But in vain :( Let me explain what I am trying to do in detail: Currently, I am able to display fragments as shown in the below picture. In the picture, there is also "Fragment 12" in the packet list. But, that fragment is not shown, and instead, "Message Reassembled" is being displayed. I am looking for something like this: Display "Fragment 12" and then in the next line, display "Reassembled Message". Is it possible that way? [cid:image001.png@01CA78BC.B91E83D0] Regards, Darshan -----Original Message----- From: Guy Harris [mailto:guy () alum mit edu] Sent: Wednesday, December 09, 2009 1:51 AM To: Rach, Darshan Cc: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Reassemble packets decoding - not proper On Dec 8, 2009, at 2:33 AM, Rach, Darshan wrote:
Two queries.
1. Is it possible to display the actual payload in place of
"Fragment data"? (please see the mail chain below for reference)
What do you mean by "display the actual payload"?
2. If the packets are fragmented, the last fragment is not shown and
instead, shows "Message Reassembled". How is it possible to display
even the last fragment as "Fragment n" and then, next, display the
reassembled packet.
Try something such as this:
if(((block_number == 0) && (last_packet_flag == 0)) ||
(block_number > 0))
{
/*darshan*/
pkt->fragmented = TRUE;
/* Add this fragment to the protocol tree. */
proto_tree_add_text(oqtp_tree, tvb, packet_field_offset, -1,
"Fragment data");
frag_msg = fragment_add_seq_check(tvb, packet_field_offset, pkt,
msgid, /* ID for fragments belonging
together */
msg_fragment_table, /* list of message
fragments */
msg_reassembled_table, /* list of
reassembled messages */
block_number, /* fragment sequence
number */
tvb_length_remaining(tvb,
packet_field_offset), /*
fragment length - to the end */
!last_packet_flag); /* More fragments?
*/
new_tvb = process_reassembled_data(tvb, packet_field_offset, pkt,
"Reassembled OQTP Message",
frag_msg,
&msg_frag_items,
NULL,
oqtp_tree);
/* Reassembled */
if (frag_msg)
{
col_append_str(pkt->cinfo, COL_INFO,
"(Reassembled OQTP Response)");
}
else
{
/* Not last packet of reassembled short message */
col_append_fstr(pkt->cinfo, COL_INFO,
"(OQTP fragment %u)", block_number);
}
if (new_tvb) /* take it all */
{
next_tvb = new_tvb;
}
else
{
/* We cannot dissect anything yet, as we don't have a
reassembled packet */
next_tvb = NULL;
}
}
else
{
next_tvb = tvb_new_subset(tvb, packet_field_offset, -1, -1);
}
/*restoring fragmented state*/
pkt->fragmented = save_fragmented;
if (next_tvb != NULL)
{
/* Not a fragment, or fragments were reassembled */
packet_field_offset = 0;
/*Request Satisfied*/
request_satisfied = tvb_get_guint8(tvb, packet_field_offset);
proto_tree_add_uint(oqtp_tree, hf_request_satisfied, tvb,
packet_field_offset, 1, ((request_satisfied & 0x80) >> 7));
/*Reserved_for_future_use*/
reserved_for_future_use = ((tvb_get_guint8(tvb,
packet_field_offset)& 0x7E) >> 1);
proto_tree_add_uint(oqtp_tree, hf_reserved_for_future_use, tvb,
packet_field_offset, 1, reserved_for_future_use );
/*No Extended pd syntax*/
no_extended_pd_syntax = (tvb_get_guint8(tvb, packet_field_offset)
& 0x1);
proto_tree_add_uint(oqtp_tree, hf_no_extended_pd_syntax, tvb,
packet_field_offset, 1, no_extended_pd_syntax );
packet_field_offset += 1;
/*Number of classifications*/
proto_tree_add_item(oqtp_tree, hf_num_classifications, tvb,
packet_field_offset, 1, FALSE);
num_classifications = tvb_get_guint8(tvb, packet_field_offset);
packet_field_offset += 1;
for(loop_index = 0 ; loop_index < num_classifications ; +
+loop_index)
{
...
}
...
}
break;
________________________________
This message is confidential and intended only for the addressee. If you have received this message in error, please
immediately notify the postmaster () nds com and delete it from your system as well as any copies. The content of
e-mails as well as traffic data may be monitored by NDS for employment and security purposes.
To protect the environment please do not print this e-mail unless necessary.
An NDS Group Limited company. www.nds.com
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Reassemble packets decoding - not proper Rach, Darshan (Dec 06)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 07)
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 08)
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- <Possible follow-ups>
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 09)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 07)