Wireshark mailing list archives
Re: Someone please help me on this Reassemly fragmentation
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Wed, 25 Feb 2015 10:36:07 +0100
Le 25 févr. 2015 10:07, "Raj sekar" <mrajsekar () gmail com> a écrit :
i have a off-line capture file.. iam developing dissector for customised protocol i have a old ethereal tool for the same protocol now iam developing in
wireshark.
My message pdu got 3 different message types 1. Beginning of message 2. continuation of message 3. end of message in one Frame at a time it can receive any one of this message when it End of message sequence comes i need to reassemble whole PDU i have opened in ethereal tool and my output are like this Frame Number Message type pollflag NS (sequence Number) NR (SEquence ID) 283 Beginning of message 0 0 0 343 End of message 0 1 0 -> Reassembly done here 379 Beginning of message 0 2 1 414 Continuation of message 0 3 1 416 Continuation of message 0 4 1 417 End of Message 1 5 1 -> Reassembly done here 536 Beginning of message 0 6 2 541 End of meassage 0 7 2 -> Reassembly done here
Hi, I'm really happy to see that you did not follow the explanations and advices I gave you yesterday by private email because you contacted me directly instead of sending to the mailing list. As I told you your code cannot work as-is because it assumes that you will always get a begin - continuation - end sequence (so 3 fragments). If this is not the case and if you are sure to always receive the fragments in order, you could use an (evil ;)) global variable to keep track of the current fragment number. See a suggestion below in your code. If you put some effort in understanding what I explained you, and ensure that you are correctly setting the parameters of the reassembly API, it should work correctly.
I have used my code structure like this guint32 rem_length; guint8 iflag,pf,stype,flag_sel,num_sel,i,sflag; // guint32 pdu_len; guint8 save_fragmented; gboolean more_frags = FALSE; gboolean need_frag = FALSE; const *data = NULL; //tvbuff_t *try_tvb = NULL; //proto_item *frag_tree_item; tvbuff_t *rass_tvb = NULL; tvbuff_t *mns_tvb = NULL; guint32 msg_seqid;
replace it by: static guint32 msg_seqid = 0;
guint32 mns_seqid = 0; guint32 mns_seqnum = 0; fragment_head *frag_msg = NULL; gboolean reassembled = FALSE; //guint32 reassembled_in = 0; tvbuff_t * res_tvb = NULL; fragment_head * frag_head = NULL; proto_tree *ptree = NULL; ptree = proto_tree_get_parent(tree); pf = (tvb_get_guint8(next_tvb, offset_payload) & 0x40) >>6 ; //
Bit 7 pf
mns_seqnum = (tvb_get_ntohs(next_tvb, offset_payload) &
0x3ff00000) >>20; // 10 Bits are ns
offset_payload +=1; mns_seqid = (tvb_get_ntohs(next_tvb, offset_payload) &
0x0ffc0000) >>18; // 10 bits are nr
offset_payload +=1; stype = (tvb_get_guint8(next_tvb, offset_payload) & 0x03) ; // 2
bits LSB are Stype
offset_payload -=2; FT_BCnPDU_item = proto_tree_add_text(tree, next_tvb,
offset_payload, bctsdu_length, "BCnPDU (Formatted) : Information, I flag = 0x%02x, Pf = 0x%02x, Ns = 0x%02x, Nr = 0x%02x ", iflag,pf,mns_seqnum,mns_seqid );
FT_BCnPDU_tree = proto_item_add_subtree(FT_BCnPDU_item,
ett_FT_BCnPDU);
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1,
" bctsdu_length: %d", bctsdu_length);
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1,
"I flag : 0x%02x (%s)", iflag,val_to_str(iflag,true_false_vals,"%s"));
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1,
"Pf : 0x%02x (%d)", pf,pf);
proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 2,
"Ns : 0x%02x (%d)", mns_seqnum,mns_seqnum);
offset_payload +=1; bctsdu_length-=1; proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 2,
"Nr : 0x%02x (%d)", mns_seqid,mns_seqid);
offset_payload +=1; bctsdu_length-=1; proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1,
"BCnSegType : 0x%02x (%s)", stype,val_to_str(stype,BCn_Seg_Type_vals,"%s"));
offset_payload +=1; bctsdu_length-=1; switch (stype){ case 0x00: // Continuation of Message msg_seqid=1;
replace it by: msg_seqid++;
bctsdu_length+=1; rem_length = bctsdu_length; proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload,
rem_length , "PDU data : %d", rem_length);
break; case 0x01: // Beginning of Message msg_seqid=0; BCnPDU_stype_item = proto_tree_add_text(FT_BCnPDU_tree,
next_tvb, offset_payload, 1, "%s",val_to_str(stype,BCn_Seg_Type_vals,"%s"));
BCnPDU_stype_tree = proto_item_add_subtree(BCnPDU_stype_item,
ett_BCnPDU_stype);
BCnPDU_bom_item = proto_tree_add_text(BCnPDU_stype_tree,
next_tvb, offset_payload, 1, "MACSAPFLAGS");
BCnPDU_bom_tree = proto_item_add_subtree(BCnPDU_bom_item,
ett_BCnPDU_bom);
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x80)7 ; // Bit 8 - Flow Controlproto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, 1, "Flow Control : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x40)6 ; // Bit 7 - Reserved lproto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, 1, "Reserved l : 0x%02x (%d)", temp_val,temp_val);
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x20)5 ; // Bit 6 - Expeditedproto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, 1, "Expedited : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x10)4 ; // Bit 5 - OAM PDU Flagproto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, 1, "OAM PDU Flag : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x08)3 ; // Bit 4 - Reserved 2proto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, 1, "Reserved 2 : 0x%02x (%d)", temp_val,temp_val);
pdu_len = (tvb_get_ntohl(next_tvb, offset_payload) &
0x07ff0000) >>16; // PDU Length - 11 Bits
proto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, 2, "PDU Length : 0x%02x (%d)", pdu_len,pdu_len);
offset_payload+=2; bctsdu_length-=2; if (rem_length >= pdu_len){ rem_length-=2; proto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, rem_length, "PDU data (if) : %d ", rem_length);
} else { proto_tree_add_text(BCnPDU_bom_tree, next_tvb,
offset_payload, rem_length, "PDU data (else) : %d ", rem_length);
} break; case 0x02: // End of Message msg_seqid=2;
replace it by: msg_seqid++;
bctsdu_length+=2; more_frags=TRUE; rem_length = bctsdu_length; rem_length-=2; proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload,
rem_length , "PDU data : %d", rem_length);
disable_CRC=1; break; case 0x03: // Single Segment Message // No need of fragmentation and reassembly offset_payload+=1; bctsdu_length-=1; if (bctsdu_length>0){ ALSIGPDU(next_tvb, pinfo, tree); } break; } if ( stype==0x01 || stype==0x02 || stype==0x00 ){ pinfo->fragmented = TRUE; save_fragmented = pinfo->fragmented; frag_head =
fragment_add_check(&mns_reassembly_table,
next_tvb, offset_payload, pinfo, msg_seqid,
this should be mns_seqid
NULL, mns_seqid,
this should be msg_seqid
pdu_length, ((msg_seqid == 2)?0:1));
this should be: (stype == 0x02) ? FALSE : TRUE)
if (frag_head != NULL) { col_append_str(pinfo->cinfo, COL_INFO, "
[Fragment Successful]");
} else { col_append_str(pinfo->cinfo, COL_INFO, "
[Fragment Not Successful]");
} save_fragmented = pinfo->fragmented; pinfo->fragmented = FALSE; res_tvb = process_reassembled_data( next_tvb,
offset_payload, pinfo, "Reassembled PDU", frag_head, &mns_frag_items, NULL, FT_BCnPDU_tree );
save_fragmented = pinfo->fragmented; pinfo->fragmented = FALSE; if (res_tvb) { col_append_str(pinfo->cinfo, COL_INFO, " [mns
reassembled]");
} else { col_append_str(pinfo->cinfo, COL_INFO, "[mns
not reassembled ]");
} offset_payload+=rem_length; bctsdu_length-=rem_length; } I dont have any clue my fragmentation always not succesful. please
help.
Thanks Best Regards Raj
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Someone please help me on this Reassemly fragmentation Raj sekar (Feb 25)
- Re: Someone please help me on this Reassemly fragmentation Pascal Quantin (Feb 25)
- Message not available
- Re: Someone please help me on this Reassemly fragmentation Pascal Quantin (Feb 25)
- Re: Someone please help me on this Reassemly fragmentation Raj sekar (Feb 25)
- Re: Someone please help me on this Reassemly fragmentation Pascal Quantin (Feb 25)
- Message not available
- Re: Someone please help me on this Reassemly fragmentation Pascal Quantin (Feb 25)