Wireshark-dev: Re: [Wireshark-dev] Reassembling captured frame with 2 splitted packets
Yippee! I´ve got it!
I´ve copied & saved the packet info pinfo and reset the values after the first reassembling.
for (i = 0; i < num_of_packets_in_frame; i++){
...
memcpy(&pinfo_tmp, pinfo,sizeof(*pinfo));
...
frag_msg = fragment_add_seq_check(...);
new_tvb = process_reassembled_data(...);
...
pinfo = &pinfo_tmp;
}
Regards,
Chris
----- Ursprüngliche Mail ----
Von: Hans Glück <hanschris.glueck@xxxxxxxx>
An: wireshark-dev@xxxxxxxxxxxxx
Gesendet: Dienstag, den 21. April 2009, 12:05:51 Uhr
Betreff: [Wireshark-dev] Reassembling captured frame with 2 splitted packets
Hi,
I´m writing a dissector and want to reasemble splitted packets. Some of my captured packets have splitted packets inside - the end of packet x and the start of packet x+1.
But my dissector doesn´t handle such packets correctly. I made a loop to dissect/reassemble the two parts of the packet, but only one of these packets will be reassembled, the other one will be ignored.
But I do not know why! Are there some flags I have to (re-)set, e.g. pinfo->fd->flags.visited? Cause "reassemble.c" uses it...
Regards,
Chris
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
