On Thu, 19 Jan 2012 17:53:57 -0200, Francesco Jacomel
<francesco.jacomel@xxxxxxxxx> wrote:
Hi,
I've just subscribed to this list to find some successful experience on
reassembling packets.
I'm trying to use the developers guide to help me on doing it, but I
had no success until this moment.
I'm creating a new dissector and for simple messages it works fine,
but nothing works, either when adding fragments in a hash table or
when reassembling the packets.
Let me show the incoming packets, at first, to make the problem more
clear.
In the .log file -also created by myself-, I have the following:
The packet with the total size to be reassembled is this one
18:25:13.257
000000 00 0C 00 05 AA FF 00 00 8F    .........
Where 00 0C 00 05 means:
01 - TX
0C - MY PROTOCOL
00 05 - 2 BYTES LENGTH
And A0 12 00 00 8F means:
AA - COMMAND CLASS
FF - INSTRUCTION
00 - DON'T CARE
00 - DON'T CARE
8F - THE TOTAL LENGTH OF THE BYTES TO BE RECEIVED BY THE ME.
fd->num;
frag_msg = fragment_add_seq_check (tvb, 1, pinfo,
    nRXCounter, // guint32 ID for fragments belonging together - Is the same for the two parts of the message.
    iso7816_fragment_table, // list of message fragments
    iso7816_reassembled_table, // list of reassembled messages
    nFrameCounter++, // guint32 fragment sequence number - static variable starting at 0 value, working fine.
    tvb_reported_length(tvb), // guint32 fragment length
    !bGetNextRXFragment); // More fragments? */
bGetNextRXFragment = TRUE;
nLastRXLength = nLastRXLength-(len-3);
pinfo->fragmented = save_fragmented;
In the first RX received, it will add the tvb in the hash table, but
in the second, due to the bGetNextRXFragment = TRUE; it will call
fragment_add_seq_check with the last parameter being FALSE.
What I understand is that I need to change it to FALSE when I know
that there are no more fragments, right??
Is there any other parameter to pass/set in this function to signal
that there are no more fragments and the message can be reassembled?
I tried to change everything, use other functions, but it doesn't
work and frag_msg is NEVER a valid value; in Wireshark I only see
it adding fragments forever.
To check the answer for that, I have:
if (frag_msg) { /* Reassembled */
    col_append_str(pinfo->cinfo, COL_INFO, "REASSEMBLED");
    nFrameCounter = 0;
} else { /* Not last packet of reassembled Message */
    col_append_fstr(pinfo->cinfo, COL_INFO, "(Message fragment # %u)",
                    nFrameCounter++);
}
if (new_tvb) {
    col_append_fstr(pinfo->cinfo, COL_INFO, "new_tvb OK");
} else {
    col_append_fstr(pinfo->cinfo, COL_INFO, "* new_tvb NULL");
}
And what I see in the Wireshark is :
8 18:25:13.264000 MyProtocol Equipment PROT 118 (Message fragment # 0)* new_tvb NULL
9 18:25:13.265000 MyProtocol Equipment PROT 36 (Message fragment # 1)* new_tvb NULL
Does anyone know how I can check if I'm doing everything needed to
reassemble the fragments with no problems? I'm doing something wrong
but I could not find what.
Thanks in advance to you all.
--
Francesco Jacomel.
Hey Francesco ..
Did your reassembly finally work?
If not ..
I don't know where you built it in ... I had problems with the
check function too.
I included my code before the if(tree) and it finally worked..
What's important is that you have to build it in when if(tree==0).. maybe
the visit flag can help you...
Regards Marcel
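
Added example, not code from either poster and not Wireshark's API: a stand-alone C model that derives the "more fragments?" decision (the last argument of fragment_add_seq_check in the post) from the announced total length, and rejects a fragment longer than what remains so that a subtraction like nLastRXLength-(len-3) cannot wrap on malformed input. The names reasm_t, reasm_start and reasm_add, and the 3-byte per-fragment header, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN   3    /* assumption: 3 non-payload bytes per fragment, as in the post's (len-3) */
#define MAX_TOTAL 255  /* the total length is announced in a single byte (0x8F in the post) */

typedef enum { FRAG_ERROR = -1, FRAG_MORE = 0, FRAG_DONE = 1 } frag_result;

typedef struct {
    uint8_t  buf[MAX_TOTAL];
    size_t   total;     /* announced payload length */
    size_t   have;      /* payload bytes stored so far */
    uint32_t next_seq;  /* next expected fragment sequence number */
} reasm_t;

void reasm_start(reasm_t *r, uint8_t announced_total) {
    memset(r, 0, sizeof *r);
    r->total = announced_total;
}

/* Store one fragment; FRAG_MORE/FRAG_DONE is the "more fragments?" decision. */
frag_result reasm_add(reasm_t *r, uint32_t seq, const uint8_t *frame, size_t len) {
    if (len <= HDR_LEN || seq != r->next_seq)
        return FRAG_ERROR;      /* runt frame, duplicate or gap */
    size_t payload = len - HDR_LEN;
    if (payload > r->total - r->have)
        return FRAG_ERROR;      /* longer than announced: reject, never let the remainder wrap */
    memcpy(r->buf + r->have, frame + HDR_LEN, payload);
    r->have += payload;
    r->next_seq++;
    return r->have == r->total ? FRAG_DONE : FRAG_MORE;
}

int main(void) {
    /* Constructed sample: 0x8F = 143 payload bytes split as 100 + 43. */
    static uint8_t f1[HDR_LEN + 100], f2[HDR_LEN + 43];
    reasm_t r;
    reasm_start(&r, 0x8F);
    printf("fragment 0 -> %d\n", reasm_add(&r, 0, f1, sizeof f1));
    printf("fragment 1 -> %d\n", reasm_add(&r, 1, f2, sizeof f2));
    printf("oversized  -> %d\n", reasm_add(&r, 2, f1, sizeof f1));
    return 0;
}
```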