I already posted this question to Ask.Wireshark.org; as I have a very tight schedule and realise the mailing list is more appropriate, I am posting it here as well. Please advise me if I need to remove the other post.
I am implementing object export for the FTP protocol (File -> Export Object -> FTP...).
I have got to the point of getting the list of files in the
ExportObjectDialog window. However, in that window I get an entry for
each TCP packet used for the transmission of each FTP packet. If I save
each entry and then join the resulting files in the correct order, I get
the file I am supposed to. So I am on the right track but am not doing
FTP packet reassembly correctly.
I have tried two approaches:
- The one explained in section 2.7.2 of README.dissector. You can find the code at pastebin.com/nkxDUhkv. In order to make reading easier, I have left several blank lines before and after the reassemble section. I am pretty sure this is the way to go; if this is the case, you can skip to the end of the question. However, since this approach has not been successful, I am providing details of the second one.
- I have followed the instructions given at https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#TcpDissectPdus and added some extra code I think necessary, based on implementations I have seen of other dissectors. Please note that I think the line
  ftpdatafragmented_handle = create_dissector_handle(dissect_ftpdatafragmented, proto_ftpdatafragmented);
  should go at the end of
  void proto_reg_handoff_ftp(void);
  However, for some reason that function is not being called. Therefore I have moved the ftpdatafragmented_handle to dissect_ftpdata(tvbuff_t tvb, packet_info pinfo, proto_tree *tree). Please find the relevant code at pastebin.com/wHR2Q1LY. I have uploaded the whole modified FTP dissector code at pastebin.com/jxLUxewm.
Also note that I haven't dealt with conversation and transaction data
yet. I will deal with that as soon as I fix packet reassembly.
What am I doing wrong with packet disassemble? Could somebody please help me?
Thank you in advance for your time.
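
Added example, not part of the original post and not Wireshark code: in FTP stream mode the end of a file is signalled by closing the data connection, so one exported object corresponds to the whole TCP payload stream of one data connection, not to one segment. The sketch below models that with hypothetical types (`segment_t`, `ftp_object_t`) and constructed sample segments: payloads are placed by sequence offset, retransmissions land on the same bytes, and the object is only emitted at connection close if no hole remains.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* One captured TCP segment of an FTP data connection (hypothetical type). */
typedef struct { uint32_t seq; const uint8_t *data; size_t len; } segment_t;

/* Object accumulated for one data connection (hypothetical type). */
typedef struct {
    uint32_t base_seq;     /* sequence number of the first payload byte */
    uint8_t *buf, *seen;   /* payload bytes and a per-byte "received" map */
    size_t cap, high;      /* buffer capacity and highest offset written */
} ftp_object_t;

int object_init(ftp_object_t *o, uint32_t base_seq, size_t cap) {
    o->base_seq = base_seq; o->cap = cap; o->high = 0;
    o->buf = calloc(cap, 1); o->seen = calloc(cap, 1);
    return (o->buf && o->seen) ? 0 : -1;
}

/* Place a payload at its stream offset. Order of arrival does not matter and
 * a retransmission overwrites the same range. Returns -1 if out of bounds. */
int object_add(ftp_object_t *o, const segment_t *s) {
    uint32_t off = s->seq - o->base_seq;   /* unsigned math survives seq wrap */
    if (off > o->cap || s->len > o->cap - off) return -1;
    memcpy(o->buf + off, s->data, s->len);
    memset(o->seen + off, 1, s->len);
    if (off + s->len > o->high) o->high = off + s->len;
    return 0;
}

/* Call when the data connection closes: returns object length, or -1 on a hole. */
long object_finish(const ftp_object_t *o) {
    for (size_t i = 0; i < o->high; i++) if (!o->seen[i]) return -1;
    return (long)o->high;
}

/* Constructed sample: one file in three segments, out of order, one resent. */
int demo(void) {
    static const uint8_t a[] = "hello, ", b[] = "ftp-", c[] = "data\n";
    segment_t segs[] = { {1007, b, 4}, {1000, a, 7}, {1007, b, 4}, {1011, c, 5} };
    ftp_object_t o;
    if (object_init(&o, 1000, 64) != 0) return -1;
    for (size_t i = 0; i < 4; i++) if (object_add(&o, &segs[i]) != 0) return -1;
    long n = object_finish(&o);
    int ok = (n == 16 && memcmp(o.buf, "hello, ftp-data\n", 16) == 0);
    free(o.buf); free(o.seen);
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```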