[adding wireshark-dev mailing list which should have been your destination address rather than my personal email]
Hi hhw hhw, 2017-07-04 16:36 GMT+02:00 hhw hhw <hhw.h...@gmail.com>: > Hi. i have a custom dissector is layered on top of UDP that splits up its > own data stream.flag bytes that signals the presence of a multi-packet > sequence and also the last packet, followed by an ID of the sequence and a > packet sequence number. > can you help me in this question ? > [Help] difference between fragmentation reassembly functions ( > https://ask.wireshark.org/questions/62028/help-difference- > between-fragmentation-reassembly-functions ) > based on your packet capture, the reassembly API is behaving as expected. packet nb sequence id sequence number more flag info 1 16 0 1 (Message Reassembled) 2 16 1 1 (Message Reassembled) 3 16 2 0 (Message Reassembled) 4 5 11 1 (Message fragment 11) 5 5 12 1 (Message fragment 12) 6 5 13 0 (Message fragment 13) The first 3 packets have the same sequence identifier, they start from sequence number 0 without any missing fragment and the last fragment (SN=2) is identified by the more flag bit being 0 -> they get reassembled. The last 3 packets are not reassembled because SN 0 to 10 are missing. If you expect reassembly to be performed for packets 4 to 6, you must ensure that call the reassembly API with frag_number equal to 0 for packet 4, 1 for packet 5 and 2 for packet 6. If you are really sure that no packet loss / reordering could happen (but it is hardly believable given that you operate on top of UDP), you could also try using fragment_add_seq() with REASSEMBLE_FLAGS_NO_FRAG_NUMBER flag: frag_msg = fragment_add_seq(&msg_reassembly_table, tvb, offset, pinfo, sequenceid, NULL, /* ID for fragments belonging together */ sequenceno, /* fragment sequence number */ tvb_captured_length_remaining(tvb, offset), /* fragment length - to the end */ morefrag, /* More fragments? */ REASSEMBLE_FLAGS_NO_FRAG_NUMBER); But better avoid using this REASSEMBLE_FLAGS_NO_FRAG_NUMBER flag and instead put whatever code is required to know what is the beginning of a new fragmented message while you run on UDP that does not guarantee in order and lossless delivery. Hope this help, Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
