Hi, I have a custom dissector that is layered on top of UDP and splits up its own data stream: flag bytes that signal the presence of a multi-packet sequence and also the last packet, followed by an ID of the sequence and a packet sequence number.
If I use if I use what is my problem? Please help me. Thanks. My code is like in this question. The picture of result in the case of the picture of result in the case of
This question is marked "community wiki". asked 14 Jun '17, 10:55 hhw edited 04 Jul '17, 04:33
One Answer:
See my response on the wireshark-dev mailing list explaining why the reassembly function is behaving as expected and what to change on your side.
answered 04 Jul '17, 14:14 Pascal Quantin
Looking through fragment_add_work() it appears other interesting parameters for fragment_add_check() are:
Could you add the values of those for each packet (similar to the output in the question)?
In the case of using fragment_add_work(), how can I use frag_id in reassembling?
fragment_add_work() isn't an API you can use: it's the internal routine that does the work of fragment_add() and fragment_add_check(). But to debug your problem of course we need to figure out what that routine is doing with your fragments.
Excuse me. I don't know how to use fragment_add_work for adding of those for each packet. I uploaded my foo.pcap and my code. Can you take a look at it? Thank you very very much.
My pcap: https://ufile.io/cmxe1
My code: https://ufile.io/ic0er
You might want to join the Wireshark developer mailing list for this. I'm not sure how often Jeff and others are visiting this site.
The mailing lists are here: https://www.wireshark.org/lists/