Wireshark-bugs: [Wireshark-bugs] [Bug 4865] New: mp2t Reassembly Help
Date: Thu, 10 Jun 2010 16:26:06 -0700 (PDT)

           Summary: mp2t Reassembly Help
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]

Created an attachment (id=4782)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4782)
My current version of mp2t that doesn't work.

Build Information:
Version 1.5.0 (SVN Rev 33201 from /trunk)

Copyright 1998-2010 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO

Compiled with GTK+ 2.20.1, (32-bit) with GLib 2.24.1, with libpcap 1.0.0, with
libz 1.2.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, without GnuTLS, without
Gcrypt, without Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux, with libpcap version 1.0.0, with libz

Built using gcc 4.4.4 20100503 (Red Hat 4.4.4-2).
I've been trying to re-factor the mp2t dissector to be more easily extensible
and am running into reassembly issues.  I would like to make the mp2t dissector
support the 'new model' of having subdissectors set pinfo->desegment_len to
either DESEGMENT_ONE_MORE_SEGMENT or the desired length.  I have tried
following the examples I have found in packet-tcp.c, packet-udp.c, the original
packet-mp2t.c and others, but I just can't piece together how to do it.  I've
been at it for quite a while (a couple hours a day for a few weeks) but am no

I mainly need help figuring out how to convince wireshark to reassemble the
data packets and then give me a tvb that I can send to to the subdissectors
(either each call, or at the end of the message).

I also get a multitude of these errors:
Warn Dissector bug, protocol MP2T, in packet 1: proto.c:1570: failed assertion
"(guint)hfindex < gpa_hfinfo.len"

I've stepped around in the code with ddd but am not really able to figure out
how to fix the error.

In a nutshell, here is what I am doing:
1. Create a tree with the active set of messages to rebuild (they can be
2. For each PDU, I uniquely identify the frame, subframe & head/tail portion
for the ID.
3. For each PDU I find the active message structure or create a new one.
4. I then add the data to the fragment table with fragment_add() using the
unique ID.
5. I then attempt to reassemble the data with process_reassembled_data()
6. If I get a tvb buffer, I attempt to call the subdissectors.
7. Depending on the output of the subdissector, I may call
fragment_set_partial_reassembly() to indicate that the message isn't complete.
8. Repeat until the end of the UDP message wrapper.

Private data structure:
typedef struct _mp2t_private_t {
    guint16 pid;
    guint8 tsc;
    guint32 consumed;
} mp2t_private_t;

Anders suggested that something is wrong with my hf declarations.

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.