ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 7683] New: Add a field to the Packet Details reassembled f

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 31 Aug 2012 08:59:09 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7683

           Summary: Add a field to the Packet Details reassembled
                    fragments tree that exposes the reassembled data
           Product: Wireshark
           Version: 1.9.x (Experimental)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Medium
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: robert@xxxxxxxxxxxxxxxx


Robert Bullen <robert@xxxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #9039|                            |review_for_checkin?
              Flags|                            |

Created attachment 9039
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9039
A proposed implementation of the requested feature

Build Information:
TShark 1.9.0 (SVN Rev 44701 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GLib 2.32.2, with WinPcap (4_1_2), without libz, without
POSIX capabilities, without libnl, with SMI 0.4.8, with c-ares 1.7.1, with Lua
5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos,
with GeoIP.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008).

Built using Microsoft Visual C++ 10.0 build 40219

--
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.

tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.

My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.

The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube