Wireshark mailing list archives
Re: Reassemble packets decoding - not proper
From: Guy Harris <guy () alum mit edu>
Date: Tue, 8 Dec 2009 12:21:18 -0800
On Dec 8, 2009, at 2:33 AM, Rach, Darshan wrote:
Two queries. 1. Is it possible to display the actual payload in place of "Fragment data"? (please see the mail chain below for reference)
What do you mean by "display the actual payload"?
2. If the packets are fragmented, the last fragment is not shown and instead, shows "Message Reassembled". How is it possible to display even the last fragment as "Fragment n" and then, next, display the reassembled packet.
Try something such as this:
if(((block_number == 0) && (last_packet_flag == 0)) ||
(block_number > 0))
{
/*darshan*/
pkt->fragmented = TRUE;
/* Add this fragment to the protocol tree. */
proto_tree_add_text(oqtp_tree, tvb, packet_field_offset, -1,
"Fragment data");
frag_msg = fragment_add_seq_check(tvb, packet_field_offset, pkt,
msgid, /* ID
for fragments belonging together */
msg_fragment_table, /* list of message fragments */
msg_reassembled_table, /* list of reassembled messages */
block_number,
/* fragment sequence number */
tvb_length_remaining(tvb, packet_field_offset), /*
fragment length - to the end */
!last_packet_flag); /* More fragments? */
new_tvb = process_reassembled_data(tvb, packet_field_offset, pkt,
"Reassembled
OQTP Message",
frag_msg,
&msg_frag_items,
NULL,
oqtp_tree);
/* Reassembled */
if (frag_msg)
{
col_append_str(pkt->cinfo, COL_INFO,
"(Reassembled OQTP Response)");
}
else
{
/* Not last packet of reassembled short message */
col_append_fstr(pkt->cinfo, COL_INFO,
"(OQTP fragment %u)", block_number);
}
if (new_tvb) /* take it all */
{
next_tvb = new_tvb;
}
else
{
/* We cannot dissect anything yet, as we don't have a
reassembled packet */
next_tvb = NULL;
}
}
else
{
next_tvb = tvb_new_subset(tvb, packet_field_offset, -1, -1);
}
/*restoring fragmented state*/
pkt->fragmented = save_fragmented;
if (next_tvb != NULL)
{
/* Not a fragment, or fragments were reassembled */
packet_field_offset = 0;
/*Request Satisfied*/
request_satisfied = tvb_get_guint8(tvb, packet_field_offset);
proto_tree_add_uint(oqtp_tree, hf_request_satisfied, tvb,
packet_field_offset, 1, ((request_satisfied & 0x80) >> 7));
/*Reserved_for_future_use*/
reserved_for_future_use = ((tvb_get_guint8(tvb,
packet_field_offset)& 0x7E) >> 1);
proto_tree_add_uint(oqtp_tree, hf_reserved_for_future_use, tvb,
packet_field_offset, 1, reserved_for_future_use );
/*No Extended pd syntax*/
no_extended_pd_syntax = (tvb_get_guint8(tvb, packet_field_offset)
& 0x1);
proto_tree_add_uint(oqtp_tree, hf_no_extended_pd_syntax, tvb,
packet_field_offset, 1, no_extended_pd_syntax );
packet_field_offset += 1;
/*Number of classifications*/
proto_tree_add_item(oqtp_tree, hf_num_classifications, tvb,
packet_field_offset, 1, FALSE);
num_classifications = tvb_get_guint8(tvb, packet_field_offset);
packet_field_offset += 1;
for(loop_index = 0 ; loop_index < num_classifications ; +
+loop_index)
{
...
}
...
}
break;
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Reassemble packets decoding - not proper Rach, Darshan (Dec 06)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 07)
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 08)
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- <Possible follow-ups>
- Re: Reassemble packets decoding - not proper Rach, Darshan (Dec 08)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 09)
- Re: Reassemble packets decoding - not proper Guy Harris (Dec 07)