
Wireshark-dev: Re: [Wireshark-dev] Reassembling: pinfo and 2 functions

From: "Anders Broman" <anders.broman@xxxxxxxxxxxx>
Date: Tue, 28 Apr 2009 17:19:06 +0200
Hi,
If I remember correctly from a previous post, BNP runs on top of TCP.
I would write a BNP dissector that does TCP reassembly (I think that was
one of your problems); your BNP dissector would then be fed
BNP messages. Is the next layer a new protocol that can be segmented? If
so, write a dissector for that one and let that do reassembly.
How to do it depends a bit on the protocol, if it contains sequence
numbers for instance.
Packet-sccp.c does reassembly and can perhaps be used as a reference.

Regards
Anders



 

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of
gogrady@xxxxxxxxx
Sent: den 28 april 2009 16:56
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Reassembling: pinfo and 2 functions

Hello people,

I am trying to reassemble my messages and am having a lot of trouble
understanding how it works. I don't quite understand the process that it
goes through and when to call functions / set variables. From looking at
other dissectors it looks like these are the things to change:

gboolean fragmented;
guint16 can_desegment;
int desegment_offset;
guint32 desegment_len;

a fragment_data object

fragment_add_check()
process_reassembled_data()

but I'm having trouble understanding what each of these really does or how
to manipulate them to say that a certain part of the buffer is part of a
message and how to add to it and then display it.

Any help explaining these more would be a great help. I've read
reassemble.h and looked at the source, but I'm not sure how to use them
in actual code. I've also looked at packet-scsi.c and still don't
understand how to implement these with my dissector, in which I'm trying to
reassemble a multi-part message which goes like this:

bnp header [3](3 bytes) + message and information elements
bnp header [4](3 bytes) + information elements
bnp header [4](3 bytes) + information elements
bnp header [5](3 bytes) + information elements

bnp header: byte 1 - type [types: 2 whole data, 3 multi part start, 4
middle, 5 end of multi part]
            byte 2,3 - number of bytes after bnp header. 

so i would like to take just the data sections for reassembly:
message and information elements + information elements + information
elements + information elements

and then have that sent to be dissected as a whole packet.

Thank you in advance to whoever can help,

Greg
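
The framing described in the question, as an added stand-alone C example (not code from this thread or from Wireshark, and not using Wireshark's reassembly API): it walks the 3-byte BNP headers, checks the type sequence and every length against the bytes actually present, and concatenates only the data sections. The function name, constants and sample bytes are hypothetical, and the big-endian order of the 2-byte length is an assumption, since the post does not state it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BNP_HDR_LEN 3u   /* byte 1: type, bytes 2-3: length of what follows */
enum { BNP_WHOLE = 2, BNP_START = 3, BNP_MIDDLE = 4, BNP_END = 5 };
enum { BNP_MALFORMED = -1, BNP_NEED_MORE = -2 };

/* Copy the data sections of one BNP message from buf into out. Returns the
 * payload length, BNP_NEED_MORE if the stream ends mid-message, or
 * BNP_MALFORMED. Assumption: the 2-byte length is big-endian. */
long bnp_reassemble(const uint8_t *buf, size_t len,
                    uint8_t *out, size_t out_cap, size_t *consumed)
{
    size_t off = 0, out_len = 0;
    int in_multipart = 0;

    for (;;) {
        if (len - off < BNP_HDR_LEN) return BNP_NEED_MORE; /* header incomplete */
        uint8_t type = buf[off];
        size_t seg_len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        /* Only accept type 2 alone, or 3 followed by any 4s and a 5. */
        if (in_multipart ? (type != BNP_MIDDLE && type != BNP_END)
                         : (type != BNP_WHOLE && type != BNP_START))
            return BNP_MALFORMED;
        if (len - off - BNP_HDR_LEN < seg_len) return BNP_NEED_MORE; /* data cut */
        if (seg_len > out_cap - out_len)
            return BNP_MALFORMED;               /* would overflow out */

        memcpy(out + out_len, buf + off + BNP_HDR_LEN, seg_len);
        out_len += seg_len;
        off += BNP_HDR_LEN + seg_len;
        if (type == BNP_WHOLE || type == BNP_END) {
            *consumed = off;                    /* set only on success */
            return (long)out_len;
        }
        in_multipart = 1;
    }
}

/* Constructed sample stream: start "AB", middle "C", end "DE". */
static const uint8_t bnp_sample[] = { 3,0,2,'A','B', 4,0,1,'C', 5,0,2,'D','E' };

int main(void)
{
    uint8_t msg[64]; size_t used = 0;
    long n = bnp_reassemble(bnp_sample, sizeof bnp_sample, msg, sizeof msg, &used);
    printf("%ld data bytes from %zu stream bytes\n", n, used);
    return n == 5 ? 0 : 1;
}
```

The BNP_NEED_MORE result marks the point where a dissector running over TCP would ask for more data through the desegment_offset and desegment_len fields listed in the question.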

