Hi, I'm writing a dissector for our LTE PHY packets. I have started working on fragmented packets. These are ethernet packets that are fragmented with some propriatery limitation. Nevertheless we have a PI header (under the ethernet header) that is always there in any fragment. The PI header contains what I thought is sefficient data for the fragment functions such as: size - the size of the PI message payload, Fragment (full, first, mid and last for indication as in what part of the fragmented packet are we) and sequence - message sequence index. I have used the "fragment_add_seq_check()" and the "process_reassembled_data()" functions to reassemble the packets but with no success. I get no reassembled packets. Only an indication on the fragments. I followed the "How to reassmble split packet" section 9.4 in the developers guid. I also went through the code over and over and see no problem. It seems that there is no use for the "LAST" indication of the fragmentation. After the last one I should have got a reassmbled packet. Any help will be much appriciated Yosi asked 16 Nov '10, 01:44  Yosi edited 16 Nov '10, 04:34 |
One Answer:
Yosi, I had a look on your code on http://seclists.org/wireshark/2010/Nov/279 The more_frags parameter in fragment_add_seq_check must be false when you reach the last fragment, so consider using (flags != FR_LAST) Dev guide example might be confusing : Emmanuel answered 17 Nov '10, 10:18  manux |
Yosi, there is no such thing as a fragmented Ethernet frame. I'm not a developer, but I'm pretty sure all code having to do with fragments is limited to IP packets (where fragmentation occurs). But it sounds like you're doing your own header on top of Ethernet (new ethertype/LLC?).
Let me clerify. The fragmentation is not on the Ethernet of course. We are building a header on top of the ethernet. Each fragment is an ethernet packet that has a PI header with the data about the fragmented data. The PI payload is fragmented