Re: Reassembly Fragment fail

[Pascal Quantin <pascal.quantin () gmail com>]

2015-02-17 8:59 GMT+01:00 Raj sekar <mrajsekar () gmail com>:

> Hi,
>
>
> Hi ,
>
> Iam developing a custom dissector on top of UDP which uses PDCP layer PDU
> RFC 2507 Selective Repeat ARQ Mechanism for segmentation and Reassembly.
>
> My message contains
>
>           Beginning of Message
>
>           continuation of message and
>
>           end of message
>
> Messages are not coming in sequence and based on sequence number and
> message id i need to reassemble.
>
> I dont know whether i should use
>
>           conversation or
>
>           add_fragment_seq_next or
>
>           add_fragment_seq_check
>
> Please suggest. I got stuck with this for long time.
> Why is my code below not working? The fragmentation itself not successful
> and thus reassembly not working. Please suggest!

Hi,

first of all I highly suggest you to read
https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#idp424235420
and have a look at how it is used by other dissectors.


> switch (stype) {
> case 0x00: // Continuation of Message
>     msg_seqid = 2;
>     rem_length = bctsdu_length;
>     proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length, "PDU data : %d", rem_length);
>     break;
> case 0x01: // Beginning of Message
>     msg_seqid = 1;
>     proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 2, "PDU Length : 0x%02x (%d)", pdu_len, pdu_len);
>     rem_length = tvb_length_remaining(next_tvb, offset_payload);
>     rem_length -= 2;
>     proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data  : %d ", rem_length);
>
>     break;
> case 0x02: // End of Message
>     msg_seqid = 3;
>     bctsdu_length += 2;
>     more_frags = FALSE;
>     rem_length = bctsdu_length;
>     rem_length -= 2;
>     proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length, "PDU data : %d", rem_length);
>     disable_CRC = 1;
>     break;
> case 0x04: // Single Segment Message
>     ---- // doesn't need fragment/reassembly
>       break;
> }
>
> if (msg_seqid == 1 || msg_seqid == 2 || msg_seqid == 3) {
>     save_fragmented = pinfo->fragmented;
>     pinfo->fragmented = TRUE;
>     frag_msg = fragment_add_seq_check(&mns_reassembly_table,
>                                       next_tvb,
>                                       offset_payload,
>                                       pinfo,
>                                       mns_seqnum,
>
> What is this mns_seqnum parameter? Do you confirm it changes between PDUs
and is the same for all fragments of a given PDU?

>                                       NULL,
>                                       mns_seqid,
>
> mns_seqid should start from 0 while here you are starting it from 1. It
means that the API is endlessly waiting for the first fragment. As
indicated in reassemble.h header file:

 * These functions add a new fragment to the fragment hash table,
 * assuming that frag_number is a block sequence number (starting from zero
for
 * the first fragment of each datagram).


>                                       rem_length,
>                                       more_frags);
>     if (frag_msg) {
>         col_append_fstr(pinfo->cinfo, COL_INFO, " mns segment of a FRAGMENT PDU");
>     } else {
>         col_append_fstr(pinfo->cinfo, COL_INFO, " FRAGMENT NOT DONE ");
>     }
> }
> if (more_frags == FALSE) {
>
> This code should be done unconditionally, and not only when you receive
the last fragment (especially as you could receive the last before the
other ones). So remove this (more_frags == FALSE) check.

>     save_fragmented = pinfo->fragmented;
>     pinfo->fragmented = FALSE;
>
>     rass_tvb = process_reassembled_data(next_tvb,
>                                         offset_payload,
>                                         pinfo,
>                                         "Reassembled Message",
>                                         frag_msg,
>                                         &mns_frag_items,
>                                         NULL,
>                                         FT_BCnPDU_tree);
>     if (rass_tvb) {
>         col_append_str(pinfo->cinfo, COL_INFO, "(Message reassembled ) ");
>         ALSIGPDU(rass_tvb, pinfo, FT_BCnPDU_tree);
>     }
> }
>
> I am always getting the FRAGMENT NOT DONE error.



> Thanks
>
>
>
> Raj
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe