Wireshark mailing list archives
Re: Reassemble packets decoding - not proper
From: "Rach, Darshan" <DarshanR () nds com>
Date: Tue, 8 Dec 2009 16:03:26 +0530
Hi, Two queries. 1. Is it possible to display the actual payload in place of "Fragment data"? (please see the mail chain below for reference) 2. If the packets are fragmented, the last fragment is not shown and instead, shows "Message Reassembled". How is it possible to display even the last fragment as "Fragment n" and then, next, display the reassembled packet. To explain more about 2nd point, if there are 4 fragments, only 3 fragments are displayed as "Fragment 0", "Fragment 1" and "Fragment 2". The last fragment would be "Reassembled Message". I would want to display all 4 fragments and then the reassembled message separately. Regards, Darshan -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Guy Harris Sent: Monday, December 07, 2009 1:32 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Reassemble packets decoding - not proper On Dec 6, 2009, at 10:44 PM, Rach, Darshan wrote:
Kindly let me know what might have gone wrong.
Sorry, I forgot to indicate that, once you get to the point where you dissect the field with the "request satisfied" bit, you're dealing with a tvbuff that starts with that field, so you have to reset packet_field_offset to 0, *AND* you have to fetch fields using next_tvb, not tvb, so you're using that tvbuff: if (next_tvb == NULL) { /* Just a fragment - put an item into the protocol tree for the fragment data */ proto_tree_add_text(oqtp_tree, tvb, packet_field_offset, -1, "Fragment data"); } else { /* Not a fragment, or fragments were reassembled */ packet_field_offset = 0; /*Request Satisfied*/ request_satisfied = tvb_get_guint8(next_tvb, packet_field_offset); proto_tree_add_uint(oqtp_tree, hf_request_satisfied, next_tvb, packet_field_offset, 1, ((request_satisfied & 0x80) >> 7)); /*Reserved_for_future_use*/ reserved_for_future_use = ((tvb_get_guint8(next_tvb, packet_field_offset)& 0x7E) >> 1); proto_tree_add_uint(oqtp_tree, hf_reserved_for_future_use, next_tvb, packet_field_offset, 1, reserved_for_future_use ); /*No Extended pd syntax*/ no_extended_pd_syntax = (tvb_get_guint8(next_tvb, packet_field_offset) & 0x1); proto_tree_add_uint(oqtp_tree, hf_no_extended_pd_syntax, next_tvb, packet_field_offset, 1, no_extended_pd_syntax ); packet_field_offset += 1; /*Number of classifications*/ proto_tree_add_item(oqtp_tree, hf_num_classifications, next_tvb, packet_field_offset, 1, FALSE); num_classifications = tvb_get_guint8(next_tvb, packet_field_offset); packet_field_offset += 1; ... ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe This message is confidential and intended only for the addressee. If you have received this message in error, please immediately notify the postmaster () nds com and delete it from your system as well as any copies. The content of e-mails as well as traffic data may be monitored by NDS for employment and security purposes. To protect the environment please do not print this e-mail unless necessary. An NDS Group Limited company. www.nds.com ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Reassemble packets decoding - not proper Rach, Darshan (Dec 06)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 07)
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 08)
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- <Possible follow-ups>
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 09)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 07)