Wireshark mailing list archives

Re: [Help_Wireshark] difference between fragmentation reassembly functions

From: Pascal Quantin <pascal.quantin () gmail com>
Date: Wed, 5 Jul 2017 07:06:10 +0200

[once more, please keep wireshark-bugs mailing list in copy, thanks]

Le 5 juil. 2017 06:41, "hhw hhw" <hhw.hhw7 () gmail com> a écrit :

hi pascal. thank you very very... much.
i shall change my dissector code. Now, my packets are like :
packet nb  sequence id    sequence number  message type
1          16             0                0 Begin
2          16             1                1 Continue
3          16             2                2 End (more_frag=FALSE)
----------------------------------------------------------------------

4          5              11               0 Begin
5          5              12               1 Continue
6          5              13               2 End  (more_frag=FALSE)
-----------------------------------------------------------------------
7          16             20               0 Begin
8          16             21               1 Continue
9          16             22               2 End (more_frag=FALSE)

i use messagetype instead of morefrag. When messagetype=2 it means
more_frag=FALSE and  this should complete reassembly.but i have problem,
and packets 4,5,6 and packets 7,8,9  aren't reassembled.
my fragment may start at any sequence number (zero or non zero) . if an END
message has been received a sequence id can assaign to another groups of
packets( like id =16) .can you HELP me?


As I already explained in my previous message, the reassembly API expects
the frag_number parameter to start from 0 for the first fragment of a given
message and increase by 1 for each new fragment of the same message. If you
apply this rule it will just work.
I don't know why you stopped using morefrag (which was perfectly fine) but
if your messages always have up to 3 fragments you could use the message
type as frag_number. If you can have several Continue packets for the same
message, then you need to find another way to provide the frag_number
parameter.

Best regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: [Help_Wireshark] difference between fragmentation reassembly functions Pascal Quantin (Jul 04)
- <Possible follow-ups>
- Re: [Help_Wireshark] difference between fragmentation reassembly functions Pascal Quantin (Jul 04)
  - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: [Help_Wireshark] difference between fragmentation reassembly functions Pascal Quantin (Jul 04)
    - Message not available
    - Message not available
    - Re: [Help_Wireshark] difference between fragmentation reassembly functions Pascal Quantin (Jul 05)
    - Re: [Help_Wireshark] difference between fragmentation reassembly functions John Thacker (Jul 05)
    - Re: [Help_Wireshark] difference between fragmentation reassembly functions hhw hhw (Jul 12)