Wireshark mailing list archives
complex problem
From: Marcel Haas <inf462 () Fh-Worms DE>
Date: Thu, 13 Oct 2011 11:40:01 +0200
Hey,maybe the problem isnt so complex to solve but its complex for me to explain. :)
I have written my own reassemble code and it seems to work. But i have one big problem. If i set the filter and click apply, it works,because it goes trough every packet. And I get my reassemble msg after the packet but if now click at the reassemble packet there is now reassemble tvb. I know the reason for that cause he interpret every packet one on one
Example: Filter is set click at Apply Packet: 1 -frag Packet: 2 -frag Packet: 3 -Reassemble (last frag)If i click at Packet 3 he interprets only packet 3. He doesnt see packet 1 2
and so he bulits now Reass Tvb. Maybe im calling my function at the worng position. Code: static void dissect_xxx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){ ... if(tree){ ... }// Fragment Routine------------------------------------------------------------------------------------
if(totalp >1){frag_tvb =tvb_new_subset(tvb,offset2,-1,-1); // Get the TVB
big_tvb=ListenElementEinfuegen(NeuesListenElement(snode,pnum,totalp,frag_tvb)); // Reass Function
if (big_tvb) { // Reassembled Big_tvb != NULL col_append_str(pinfo->cinfo, COL_INFO, " (Message Reassembled)");add_new_data_source(pinfo,big_tvb,"Defrag TVB"); // ADD new Data Source
} else { // Not last packet of reassembled Short Message Big_tvb == NULL
col_append_fstr(pinfo->cinfo, COL_INFO, " (Message fragment %u)", pnum); col_append_fstr(pinfo->cinfo, COL_INFO, " (Frag: %u)", pinfo->fd -> num); col_append_fstr(pinfo->cinfo, COL_INFO, " (Visit: %u)", pinfo->fd->flags.visited); } } } I hope someone understand my problem and have a good idea/solution :) thx and regards Marcel ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- complex problem Marcel Haas (Oct 13)
- Re: complex problem Jeff Morriss (Oct 13)
- Re: complex problem Marcel Haas (Oct 14)
- Re: complex problem Jeff Morriss (Oct 18)
- Re: complex problem Marcel Haas (Oct 26)
- Re: complex problem Jeff Morriss (Oct 27)
- Re: complex problem Marcel Haas (Oct 14)
- Re: complex problem Jeff Morriss (Oct 13)
- Re: complex problem fab12 (Oct 18)
- Re: complex problem Richard van der Hoff (Oct 18)