Hi,
Two queries.
1. Is it possible to display the actual payload in place of "Fragment data"? (please see the mail chain below for reference)
2. If the packets are fragmented, the last fragment is not shown and instead, shows "Message Reassembled". How is it possible to display even the last fragment as "Fragment n" and then, next, display the reassembled packet.
To explain more about 2nd point, if there are 4 fragments, only 3 fragments are displayed as "Fragment 0", "Fragment 1" and "Fragment 2". The last fragment would be "Reassembled Message". I would want to display all 4 fragments and then the reassembled message separately.
Regards,
Darshan
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Monday, December 07, 2009 1:32 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Reassemble packets decoding - not proper
On Dec 6, 2009, at 10:44 PM, Rach, Darshan wrote:
> Kindly let me know what might have gone wrong.
Sorry, I forgot to indicate that, once you get to the point where you
dissect the field with the "request satisfied" bit, you're dealing
with a tvbuff that starts with that field, so you have to reset
packet_field_offset to 0, *AND* you have to fetch fields using
next_tvb, not tvb, so you're using that tvbuff:
if (next_tvb == NULL)
{
/* Just a fragment - put an item into the protocol tree for the
fragment data */
proto_tree_add_text(oqtp_tree, tvb, packet_field_offset, -1,
"Fragment data");
}
else
{
/* Not a fragment, or fragments were reassembled */
packet_field_offset = 0;
/*Request Satisfied*/
request_satisfied = tvb_get_guint8(next_tvb, packet_field_offset);
proto_tree_add_uint(oqtp_tree, hf_request_satisfied, next_tvb,
packet_field_offset, 1, ((request_satisfied & 0x80) >> 7));
/*Reserved_for_future_use*/
reserved_for_future_use = ((tvb_get_guint8(next_tvb,
packet_field_offset)& 0x7E) >> 1);
proto_tree_add_uint(oqtp_tree, hf_reserved_for_future_use,
next_tvb, packet_field_offset, 1, reserved_for_future_use );
/*No Extended pd syntax*/
no_extended_pd_syntax = (tvb_get_guint8(next_tvb,
packet_field_offset) & 0x1);
proto_tree_add_uint(oqtp_tree, hf_no_extended_pd_syntax,
next_tvb, packet_field_offset, 1, no_extended_pd_syntax );
packet_field_offset += 1;
/*Number of classifications*/
proto_tree_add_item(oqtp_tree, hf_num_classifications, next_tvb,
packet_field_offset, 1, FALSE);
num_classifications = tvb_get_guint8(next_tvb,
packet_field_offset);
packet_field_offset += 1;
...
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
This message is confidential and intended only for the addressee. If you have received this message in error, please immediately notify the postmaster@xxxxxxx and delete it from your system as well as any copies. The content of e-mails as well as traffic data may be monitored by NDS for employment and security purposes.
To protect the environment please do not print this e-mail unless necessary.
An NDS Group Limited company. www.nds.com
