This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Fragmentation dissecting Problem

0
1

Hi, I'm writing a dissector for our LTE PHY packets. I have started working on fragmented packets. These are Ethernet packets that are fragmented with some proprietary limitation. Nevertheless we have a PI header (under the Ethernet header) that is always there in any fragment. The PI header contains what I thought is sufficient data for the fragment functions such as: size - the size of the PI message payload, Fragment (full, first, mid and last for indication as in what part of the fragmented packet are we) and sequence - message sequence index. I have used the "fragment_add_seq_check()" and the "process_reassembled_data()" functions to reassemble the packets but with no success. I get no reassembled packets. Only an indication on the fragments. I followed the "How to reassemble split packet" section 9.4 in the developer's guide. I also went through the code over and over and see no problem. It seems that there is no use for the "LAST" indication of the fragmentation. After the last one I should have got a reassembled packet. Any help will be much appreciated.

Yosi

asked 16 Nov '10, 01:44


Yosi
6235
accept rate: 0%

edited 16 Nov '10, 04:34

Yosi, there is no such thing as a fragmented Ethernet frame. I'm not a developer, but I'm pretty sure all code having to do with fragments is limited to IP packets (where fragmentation occurs). But it sounds like you're doing your own header on top of Ethernet (new ethertype/LLC?).

(16 Nov '10, 09:12) hansangb

Let me clarify. The fragmentation is not on the Ethernet, of course. We are building a header on top of the Ethernet. Each fragment is an Ethernet packet that has a PI header with the data about the fragmented data. The PI payload is fragmented.

(17 Nov '10, 00:09) Yosi

One Answer:

0

Yosi, I had a look at your code at http://seclists.org/wireshark/2010/Nov/279

frag_msg = fragment_add_seq_check(tvb,offset,pinfo,
          msg_id,
          dan_fragment_table,
          dan_reassembled_table,
          msg_seq,tvb_length_remaining(tvb,offset),
          (flags == FR_LAST));

The more_frags parameter in fragment_add_seq_check must be false when you reach the last fragment, so consider using (flags != FR_LAST).

The dev guide example might be confusing:

frag_msg = fragment_add_seq_check(tvb, offset, pinfo,
    msg_seqid, /* ID for fragments belonging together */
    msg_fragment_table, /* list of message fragments */
    msg_reassembled_table, /* list of reassembled messages */
    msg_num, /* fragment sequence number */
    tvb_length_remaining(tvb, offset), /* fragment length - to the end */
    flags & FL_FRAG_LAST); /* More fragments? */

Emmanuel

answered 17 Nov '10, 10:18


manux
162
accept rate: 0%
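
A simplified model of the more_frags contract discussed in the answer above, added here as an example; it is not Wireshark's reassembly code or the poster's dissector. The FR_* numeric values, struct reasm, reasm_add and run are assumptions made for illustration, and the fragment contents are constructed.

```c
#include <stdio.h>
#include <string.h>
/* PI-header fragment markers named in the question (numeric values assumed). */
enum { FR_FULL, FR_FIRST, FR_MID, FR_LAST };
enum { MAX_FRAGS = 8, MAX_LEN = 64 };

/* Toy per-message state: a model of the contract, not Wireshark's tables. */
struct reasm {
    size_t len[MAX_FRAGS];
    int seen[MAX_FRAGS];
    int last_seq;               /* -1 until a fragment says more_frags == 0 */
};

/* Returns the total length once the end is known and no hole remains, else 0. */
size_t reasm_add(struct reasm *r, int seq, size_t n, int more_frags)
{
    size_t total = 0;
    if (seq < 0 || seq >= MAX_FRAGS || n > (size_t)MAX_LEN) return 0; /* bounds */
    if (r->last_seq >= 0 && seq > r->last_seq) return 0;  /* past declared end */
    r->seen[seq] = 1;
    r->len[seq] = n;
    if (!more_frags) r->last_seq = seq;
    if (r->last_seq < 0) return 0;                        /* end not known yet */
    for (int i = 0; i <= r->last_seq; i++) {
        if (!r->seen[i]) return 0;                        /* hole: keep waiting */
        total += r->len[i];
    }
    return total;
}

/* Feeds a constructed FIRST/MID/LAST message and returns what is reported when
 * the FR_LAST fragment is added. inverted=1 reproduces (flags == FR_LAST). */
size_t run(int inverted)
{
    static const char *part[] = { "LTE-", "PHY-", "DATA" };   /* constructed */
    static const int flags[] = { FR_FIRST, FR_MID, FR_LAST };
    struct reasm r = { .last_seq = -1 };
    size_t got = 0;
    for (int seq = 0; seq < 3; seq++) {
        int more = inverted ? (flags[seq] == FR_LAST) : (flags[seq] != FR_LAST);
        got = reasm_add(&r, seq, strlen(part[seq]), more);
    }
    return got;
}

int main(void)
{
    printf("!= FR_LAST: %zu bytes, == FR_LAST: %zu bytes\n", run(0), run(1));
    return 0;
}
```

In this model the inverted flag marks fragment 0 as the end of the message, so adding the FR_LAST fragment never yields the full payload.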