Wireshark-dev: Re: [Wireshark-dev] reasebling packets - dissector question
From: יוני תובל <yoni6666@xxxxxxxxx>
Date: Mon, 23 Feb 2009 14:41:28 +0200
Although I was able to reassemble and dissect 3 packets sent sequentially by using the tcp_dissect_pdus method,
once a message is greater than 1500 bytes and is being divided into fragments (not by me), the tcp_dissect_pdus method doesn't help anymore, and my dissector is never called.

What's the difference?
Should I do something different if the message is disassembled not by me?

Thanks

 
2009/2/23 ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
> but I noticed that the TCP checksum test fails

That may be an issue. Try disabling TCP checksum validation in the preferences for TCP.

By default, TCP reassembly will ignore all packets with a checksum failure or "short" packets (i.e. packets captured with a snaplen smaller than the Ethernet MTU).




On Mon, Feb 23, 2009 at 9:57 PM, יוני תובל <yoni6666@xxxxxxxxx> wrote:
Hi, thanks.
It seems to be working, but only when I raise the flag "pinfo->can_desegment=1" inside the get_len method.
But I noticed that the TCP checksum test fails in all the reassembled packets.
Why is that?
Actually it also fails when I send the whole message in one buffer...
so it's probably a different issue...

Thanks
2009/2/23 Guy Harris <guy@xxxxxxxxxxxx>

On Feb 23, 2009, at 12:59 AM, יוני תובל wrote:

> I tried to return the entire message length. Still fails.
> (It only succeeds when the tvb consists of the entire message.)
> What about the offset value we pass to the get_len method?

It's the offset into the tvbuff handed to the get_len routine of the
first byte of the packet whose length should be returned.

Presumably the PDUs consist of a 2-byte length field (in network byte
order?) followed by that number of bytes of data, and, in the get_len
routine, you fetch the length value from the packet, add 2 to it, and
return that value.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
