Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Packet reasembling

From: "Василь Семчишин" <semchyshyn@xxxxxxxxx>
Date: Mon, 22 Dec 2008 18:48:49 +0200
Thank you for your replay.
But the main trouble for me is how to make collecting and storing data from sub-channels using routines present in wireshark. All what I've see is suitable for handling at least one byte of data, and in my case it must work with bits. Size of PDU is unknown, so I must collect fixed amount of byte's and give this chunk to higher level dissector.
Any other ideas?

2008/12/19 Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
I think one way might be to use a combination of conversations. You
could try to create one conversation for each sub-channel. The
conversation should have some way of storing the data from the
sub-channel.

Each time you have dissected a frame, append the data from each
sub-channel to each conversation and check if the end of the PDU on a
particular PDU is reached. When you are sure that you have a complete
PDU, create a new tvb from the collected bytes using
tvb_new_real_data, you could possible use that tvb to call other
dissectors.

The downside WS is not automatically show the extra re-assembly
information in the frames.

That my idea as a novice ;-) I am sure someone else might have better
suggestions (or it is even possible that reassembly API is modified to
suit this kind of application).

HTH
Abhik

On Thu, Dec 18, 2008 at 11:01 AM, Vasyl Semchyshyn
<Vasyl.Semchyshyn@xxxxxxxxxxx> wrote:
> HI all.
> I know Wireshark can reassemble packets, and I have found several reassembling strategies, but it seams that none of them is suitable for me.
>
> In my dissect function I'm receiving a buffer that consist of 32 bytes - this is one frame. Each byte of this frame is called timeslot, and enumerated from 0 to 31, e.g timeslot0, timeslot1, ....
> Each timeslot can be divided into several sub-channels, for example bits 0 -1 from timeslot0 will be sub-channel1, bits 2-3 will be sub-channel2, and so on, it's like applying bit mask on timeslot(0xC  for sub-channel1, 0x30 for sub-channel2, ...).
> To collect data of some sub-channel, we must take certain amount of bits at certain offset from the beginning of the frame, add them to buffer and continue doing this for each frame we have captured.
> Fragment disassembling is not applicable here because concatenation of two frames will not be helpful.
> Segment fragmentation is also not applicable because here work must be done with bits.
>
> So can someone make some suggestions how to implement reassembling for this protocol?
>
> "DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error,please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe