Marcel Haas wrote:
Hey,
maybe the problem isnt so complex to solve but its complex for me to
explain. :)
I have written my own reassemble code and it seems to work. But i have
one big problem.
If i set the filter and click apply, it works,because it goes trough
every packet.
And I get my reassemble msg after the packet but if now click at the
reassemble packet there
is now reassemble tvb. I know the reason for that cause he interpret
every packet one on one
Example:
Filter is set click at Apply
Packet: 1 -frag
Packet: 2 -frag
Packet: 3 -Reassemble (last frag)
If i click at Packet 3 he interprets only packet 3. He doesnt see packet
1 2
and so he bulits now Reass Tvb.
The part about not seeing packets 1 and 2 when clicking on packet 3 is
correct. You must do all your reassembly in the first pass (read: even
when !tree--which it appears you're doing) and it must be stored in such
a way that when it's (only) re-dissecting packet 3 it will have the data
from packets 1 and 2 available to it. I suspect that your custom
reassembly routine isn't doing this latter part.
(Yes, this means that Reassembly requires using lots of memory. See
http://wiki.wireshark.org/KnownBugs/OutOfMemory .)
