On Thu, 13 Oct 2011 11:40:01 +0200, Marcel Haas <inf462@xxxxxxxxxxx>
wrote:
Hey,
maybe the problem isnt so complex to solve but its complex for me to
explain. :)
I have written my own reassemble code and it seems to work. But i
have one big problem.
If i set the filter and click apply, it works,because it goes trough
every packet.
And I get my reassemble msg after the packet but if now click at the
reassemble packet there
is now reassemble tvb. I know the reason for that cause he interpret
every packet one on one
Example:
Filter is set click at Apply
Packet: 1 -frag
Packet: 2 -frag
Packet: 3 -Reassemble (last frag)
If i click at Packet 3 he interprets only packet 3. He doesnt see
packet 1 2
and so he bulits now Reass Tvb.
Maybe im calling my function at the worng position.
Code:
static void
dissect_xxx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){
...
if(tree){
...
}
// Fragment
Routine------------------------------------------------------------------------------------
if(totalp >1){
frag_tvb =tvb_new_subset(tvb,offset2,-1,-1); // Get
the TVB
big_tvb=ListenElementEinfuegen(NeuesListenElement(snode,pnum,totalp,frag_tvb));
// Reass Function
if (big_tvb) { // Reassembled Big_tvb != NULL
col_append_str(pinfo->cinfo, COL_INFO,
" (Message Reassembled)");
add_new_data_source(pinfo,big_tvb,"Defrag TVB");
// ADD new Data Source
} else { // Not last packet of reassembled Short
Message Big_tvb == NULL
col_append_fstr(pinfo->cinfo, COL_INFO,
" (Message fragment %u)", pnum);
col_append_fstr(pinfo->cinfo, COL_INFO,
" (Frag: %u)", pinfo->fd -> num);
col_append_fstr(pinfo->cinfo, COL_INFO,
" (Visit: %u)",
pinfo->fd->flags.visited);
}
}
}
I hope someone understand my problem and have a good idea/solution :)
thx and regards
Marcel
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Hey Guys
still haveing the same problem..
Nobody have an clue for me ??
Jeff was saying to put my code before if(tree) if i get i right.. but
other dissectors use reassembling after if(tree) too.
Maybe i can conrtol it by "pinfo->fd->flags.visited" ??
Regards Marcel