Wireshark-dev: Re: [Wireshark-dev] Someone please help me on this Reassemly fragmentation
From: Pascal Quantin <[email protected]>
Date: Wed, 25 Feb 2015 12:33:25 +0100
Back to the mailing list

2015-02-25 12:07 GMT+01:00 Raj sekar <[email protected]>:
Hi Pascal ,
 
I have modified as per your instruction . Still iam getting Fragment not successful and reassembly unsuccessful. :(
 
You can see my code. It exactly as you said.
 
Please help.

Then it's really time for you to take a debugger and step in your code so as to verify what's wrong with your code. After all you are the only one having the capture and the code running, so confirm that the parameters given to fragment_add_seq_check() are the expected ones.
 
Raj
 
 

 
On Wed, Feb 25, 2015 at 5:36 PM, Pascal Quantin <[email protected]> wrote:


Le 25 févr. 2015 10:07, "Raj sekar" <[email protected]> a écrit :


>
> i have a off-line capture file..
>
> iam developing dissector for customised protocol
>
> i have a old ethereal tool for the same protocol now iam developing in wireshark.
>
> My message pdu got 3 different message types
>
>   1. Beginning of message
>   2. continuation of message
>   3. end of message
>
> in one Frame at a time it can receive any one of this message
>
> when it End of message sequence comes i need to reassemble whole PDU
>
> i have opened in ethereal tool and my output are like this
>  
> Frame Number   
> Message type
> pollflag
> NS (sequence Number)
> NR (SEquence ID)
>  
>  
> 283
> Beginning of message
> 0
> 0
> 0
> 343
> End of message 
> 0
> 1
> 0
>  -> Reassembly done here
>  
>  
> 379
> Beginning of message 
> 0
> 2
> 1
> 414
> Continuation of message
> 0
> 3
> 1
> 416
> Continuation of message
> 0
> 4
> 1
> 417
> End of Message
> 1
> 5
> 1
>  -> Reassembly done here
>  
>  
> 536
> Beginning of message
> 0
> 6
> 2
> 541
> End of meassage
> 0
> 7
> 2
>  -> Reassembly done here

Hi,

I'm really happy to see that you did not follow the explanations and advices I gave you yesterday by private email because you contacted me directly instead of sending to the mailing list.
As I told you your code cannot work as-is because it assumes that you will always get a begin - continuation - end sequence (so 3 fragments). If this is not the case and if you are sure to always receive the fragments in order, you could use an (evil ;)) global variable to keep track of the current fragment number. See a suggestion below in your code. If you put some effort in understanding what I explained you, and ensure that you are correctly setting the parameters of the reassembly API, it should work correctly.


>
>
> I have used my code structure like this
>
>
> guint32 rem_length;
> guint8 iflag,pf,stype,flag_sel,num_sel,i,sflag;  //
> guint32 pdu_len;
> guint8 save_fragmented;
> gboolean more_frags = FALSE;
> gboolean need_frag = FALSE;
> const *data = ""
> //tvbuff_t *try_tvb = NULL;
> //proto_item *frag_tree_item;
> tvbuff_t  *rass_tvb = NULL;
> tvbuff_t  *mns_tvb = NULL;
> guint32 msg_seqid;

replace it by:

static guint32 msg_seqid = 0;

> guint32 mns_seqid = 0;
> guint32 mns_seqnum = 0;
> fragment_head *frag_msg = NULL;
> gboolean reassembled = FALSE;
> //guint32  reassembled_in = 0;
> tvbuff_t * res_tvb = NULL;
> fragment_head * frag_head = NULL; 
> proto_tree *ptree = NULL;
> ptree = proto_tree_get_parent(tree);
>
>         
>          pf = (tvb_get_guint8(next_tvb, offset_payload) & 0x40) >>6 ; // Bit 7 pf
>          mns_seqnum = (tvb_get_ntohs(next_tvb, offset_payload) & 0x3ff00000) >>20; // 10 Bits are ns
>          offset_payload +=1;
>          mns_seqid = (tvb_get_ntohs(next_tvb, offset_payload) & 0x0ffc0000) >>18; // 10 bits are nr
>          offset_payload +=1;
>          stype = (tvb_get_guint8(next_tvb, offset_payload) & 0x03) ; // 2 bits LSB are Stype
>          offset_payload -=2;
>          
>          FT_BCnPDU_item = proto_tree_add_text(tree, next_tvb, offset_payload, bctsdu_length, "BCnPDU (Formatted) : Information, I flag = 0x%02x, Pf = 0x%02x, Ns = 0x%02x, Nr = 0x%02x ", iflag,pf,mns_seqnum,mns_seqid );
>          FT_BCnPDU_tree = proto_item_add_subtree(FT_BCnPDU_item, ett_FT_BCnPDU);
>          proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, " bctsdu_length: %d", bctsdu_length);
>     
>          proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "I flag : 0x%02x (%s)", iflag,val_to_str(iflag,true_false_vals,"%s"));
>          proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "Pf : 0x%02x (%d)", pf,pf);
>          proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 2, "Ns : 0x%02x (%d)", mns_seqnum,mns_seqnum);
>          offset_payload +=1;
>          bctsdu_length-=1;
>          proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 2, "Nr : 0x%02x (%d)", mns_seqid,mns_seqid);
>          offset_payload +=1;
>          bctsdu_length-=1;
>          proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "BCnSegType : 0x%02x (%s)", stype,val_to_str(stype,BCn_Seg_Type_vals,"%s"));
>          offset_payload +=1;
>          bctsdu_length-=1;
>          
>          
>          switch (stype){
>          
>          case 0x00: // Continuation of Message
>            
>            msg_seqid=1;

replace it by:

msg_seqid++;

>           
>            bctsdu_length+=1;
>            
>            rem_length = bctsdu_length;
>            proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length , "PDU data : %d", rem_length);
>            
>                            
>            
>            
>          break;
>          
>          case 0x01: // Beginning of Message
>             
>             msg_seqid=0;
>             
>             
>             BCnPDU_stype_item = proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, 1, "%s",val_to_str(stype,BCn_Seg_Type_vals,"%s"));
>             BCnPDU_stype_tree = proto_item_add_subtree(BCnPDU_stype_item, ett_BCnPDU_stype);
>             
>             BCnPDU_bom_item = proto_tree_add_text(BCnPDU_stype_tree, next_tvb, offset_payload, 1, "MACSAPFLAGS");
>             BCnPDU_bom_tree = proto_item_add_subtree(BCnPDU_bom_item, ett_BCnPDU_bom);
>             
>             temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x80) >>7 ; // Bit 8 - Flow Control
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Flow Control : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
>             temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x40) >>6 ; // Bit 7 - Reserved l
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Reserved l : 0x%02x (%d)", temp_val,temp_val);
>             temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x20) >>5 ; // Bit 6 - Expedited
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Expedited : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
>             temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x10) >>4 ; // Bit 5 - OAM PDU Flag
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "OAM PDU Flag : 0x%02x (%s)", temp_val,val_to_str(temp_val, true_false_vals,"%s"));
>             temp_val = (tvb_get_guint8(next_tvb, offset_payload) & 0x08) >>3 ; // Bit 4 - Reserved 2
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 1, "Reserved 2 : 0x%02x (%d)", temp_val,temp_val);
>             pdu_len = (tvb_get_ntohl(next_tvb, offset_payload) & 0x07ff0000) >>16; // PDU Length - 11 Bits
>             
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 2, "PDU Length : 0x%02x (%d)", pdu_len,pdu_len);
>             
>             offset_payload+=2;
>             bctsdu_length-=2;
>            
>                         
>             if (rem_length >= pdu_len){
>             
>             rem_length-=2;
>             
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data (if) : %d ", rem_length);
>             
>             } else {
>           
>             proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data (else) : %d ", rem_length);
>             
>             }
>             
>             
>          break;
>          
>          case 0x02: // End of Message
>            
>            msg_seqid=2;

replace it by:

msg_seqid++;

>            
>            bctsdu_length+=2;
>            
>            more_frags=TRUE;
>            
>            
>            rem_length =  bctsdu_length;
>            rem_length-=2;
>            
>            proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length , "PDU data : %d", rem_length);
>           
>            disable_CRC=1;
>            
>            
>          break;
>          
>          case 0x03: // Single Segment Message
>             // No need of fragmentation and reassembly
>             offset_payload+=1;
>             bctsdu_length-=1;
>             if (bctsdu_length>0){
>            
>              ALSIGPDU(next_tvb, pinfo, tree);
>                }
>                
>            
>            break;
>            
>            }
>             
>             if ( stype==0x01 || stype==0x02 || stype==0x00  ){
>                        
>                    
>                        pinfo->fragmented = TRUE;
>                        save_fragmented = pinfo->fragmented;
>                        
>                        frag_head = fragment_add_check(&mns_reassembly_table,
>                           next_tvb,
>                           offset_payload,
>                           pinfo,
>                           msg_seqid, 

this should be mns_seqid

>                           NULL,
>                           mns_seqid,

this should be msg_seqid

>                           pdu_length,
>                           ((msg_seqid == 2)?0:1));

this should be:

(stype == 0x02) ? FALSE : TRUE)

>                           
>                           
>                           
>                       
>                         if (frag_head != NULL) {
>                          
>                            col_append_str(pinfo->cinfo, COL_INFO, " [Fragment Successful]");
>                           } else {
>                           
>                           col_append_str(pinfo->cinfo, COL_INFO, " [Fragment Not Successful]");
>                           }     
>                              
>                           save_fragmented = pinfo->fragmented;
>                        pinfo->fragmented = FALSE;
>                    
>
>                        
>                        res_tvb = process_reassembled_data( next_tvb, offset_payload, pinfo, "Reassembled PDU", frag_head, &mns_frag_items, NULL, FT_BCnPDU_tree );
>                        save_fragmented = pinfo->fragmented;
>                        pinfo->fragmented = FALSE;
>                           
>                        if (res_tvb) {
>                           
>                           col_append_str(pinfo->cinfo, COL_INFO, " [mns reassembled]");
>                           } else {
>                             col_append_str(pinfo->cinfo, COL_INFO, "[mns not reassembled ]");
>                             
>                             }
>                          offset_payload+=rem_length; 
>                          bctsdu_length-=rem_length;
>            
>                    }
>
>  
>
>     I dont have any clue my fragmentation always not succesful. please help.
>  
> Thanks
>  
> Best Regards
> Raj
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe