Hi , I'm writing a dissector for our LTE PHY packets. I have started working on fragmented packets. These are Ethernet packets that are fragmented with some proprietary limitation. Nevertheless we have a PI header (under the Ethernet header) that is always there in any fragment. The PI header contains what I thought is sufficient data for the fragment functions such as: size - the size of the PI message payload, Fragment (full, first, mid and last for indication as in what part of the fragmented packet are we) and sequence - message sequence index. I have used the "fragment_add_seq_check()" and the "process_reassembled_data()" functions to reassemble the packets but with no success. I get no reassembled packets. Only an indication on the fragments. I followed the "How to reassemble split packet" section 9.4 in the developers guide. I also went through the code over and over and see no problem. It seems that there is no use for the "LAST" indication of the fragmentation. After the last one I should have got a reassembled packet. I am adding screenshots of the capture: 1. All – 3 regular packets and then the data packet is fragmented into 4 packets 2. F1 – The first fragmented packet. Its fragment flag field is = “1” meaning FIRST 3. F2 – The second fragmented packet. Its fragment flag field is = “2” meaning MID (2 and 3 are the same) 4. F4 – The fourth fragmented packet. Its fragment flag field is = “3” meaning LAST. This is the indicator meaning there are no more fragments belonging to the packet. I have also added the part of the code I wrote for dissecting the fragments. You can also see on the screenshots, I have added a few prints: flags – fragment state, msg_seq – packet sequence, frag_msg and new_tvb. Any help will be much appreciated Yosi |
Attachment:
all.JPG
Description: all.JPG
Attachment:
f1.JPG
Description: f1.JPG
if(flags != FR_FULL)
{
tvbuff_t* new_tvb = NULL;
fragment_data *frag_msg = NULL;
guint16 msg_seq = tvb_get_ntohs(tvb,4) + 1;
offset = len;
msg_id = 1;
proto_tree_add_text(tree, tvb, 0, -1,"msg_seq: %d",msg_seq);
pinfo->fragmented = TRUE;
frag_msg = fragment_add_seq_check(tvb,offset,pinfo,msg_id,dan_fragment_table,
dan_reassembled_table,msg_seq,tvb_length_remaining(tvb,offset),(flags == FR_LAST));
if (frag_msg == NULL)
proto_tree_add_text(tree, tvb, 0, -1,"frag_msg: %s","NULL");
else
{
if(frag_msg->next != NULL)
proto_tree_add_text(tree, tvb, 0, -1,"frag_msg->next: %u",frag_msg->next);
else
proto_tree_add_text(tree, tvb, 0, -1,"frag_msg->next: %s","NULL");
}
new_tvb = process_reassembled_data(tvb,offset,pinfo,"Reassembled Message",frag_msg, &dan_frag_items,
NULL,tree);
if(frag_msg)
col_append_str(pinfo->cinfo, COL_INFO, "Message Reassembled");
else
col_append_fstr(pinfo->cinfo, COL_INFO, "Message Fragment %u", msg_seq);
proto_tree_add_text(tree, tvb, 0, -1,"new_tvb: %u",new_tvb);
if (new_tvb)
{
next_tvb = new_tvb;
dan_parse = TRUE;
//dan_parse_frag = TRUE;
}
else
next_tvb = tvb_new_subset(tvb,offset,-1,-1);
}
else
{
next_tvb = tvb_new_subset(tvb,offset,-1,-1);
dan_parse = TRUE;
}
pinfo->fragmented = save_fragmented;
Attachment:
f4.JPG
Description: f4.JPG
Attachment:
f2.JPG
Description: f2.JPG
- Follow-Ups:
- Re: [Wireshark-dev] Problems with dissecting fragmented packets
- From: Jeff Morriss
- Re: [Wireshark-dev] Problems with dissecting fragmented packets
- Prev by Date: Re: [Wireshark-dev] foo dissector of the dev guide
- Next by Date: Re: [Wireshark-dev] foo dissector of the dev guide
- Previous by thread: Re: [Wireshark-dev] foo dissector of the dev guide
- Next by thread: Re: [Wireshark-dev] Problems with dissecting fragmented packets
- Index(es):