Re: Problems with dissecting fragmented packets

[Jeff Morriss <jeff.morriss.ws () gmail com>]

Yosi Saggi wrote:
> Hi ,
>
> I'm writing a dissector for our LTE PHY packets. I have started working 
> on fragmented packets. These are Ethernet packets that are fragmented 
> with some proprietary limitation. Nevertheless we have a PI header 
> (under the Ethernet header) that is always there in any fragment. The PI 
> header contains what I thought is sufficient data for the fragment 
> functions such as: size - the size of the PI message payload, Fragment 
> (full, first, mid and last for indication as in what part of the 
> fragmented packet are we) and sequence - message sequence index. I have 
> used the "fragment_add_seq_check()" and the "process_reassembled_data()" 
> functions to reassemble the packets but with no success. I get no 
> reassembled packets. Only an indication on the fragments. I followed the 
> "How to reassemble split packet" section 9.4 in the developers guide. I 
> also went through the code over and over and see no problem. It seems 
> that there is no use for the "LAST" indication of the fragmentation. 
> After the last one I should have got a reassembled packet.

I'm no reassembly expert, but are you sure the code you quoted is called 
even when (!tree)?  The reassembly code only works on the first pass 
(when tree is NULL).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe