Wireshark-dev: Re: [Wireshark-dev] complex problem
From: Marcel Haas <inf462@xxxxxxxxxxx>
Date: Fri, 14 Oct 2011 10:30:17 +0200
On Thu, 13 Oct 2011 09:03:38 -0400, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
Marcel Haas wrote:
Hey,
maybe the problem isnt so complex to solve but its complex for me to explain. :) I have written my own reassemble code and it seems to work. But i have one big problem. If i set the filter and click apply, it works,because it goes trough every packet. And I get my reassemble msg after the packet but if now click at the reassemble packet there is now reassemble tvb. I know the reason for that cause he interpret every packet one on one
Example:
Filter is set click at Apply
Packet: 1 -frag
Packet: 2 -frag
Packet: 3 -Reassemble (last frag)
If i click at Packet 3 he interprets only packet 3. He doesnt see packet 1 2
and so he bulits now Reass Tvb.

The part about not seeing packets 1 and 2 when clicking on packet 3
is correct.  You must do all your reassembly in the first pass (read:
even when !tree--which it appears you're doing) and it must be stored
in such a way that when it's (only) re-dissecting packet 3 it will
have the data from packets 1 and 2 available to it.  I suspect that
your custom reassembly routine isn't doing this latter part.

(Yes, this means that Reassembly requires using lots of memory.  See
http://wiki.wireshark.org/KnownBugs/OutOfMemory .)

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Hmm okay, but e.g. epan/dissectors/packet-atalk.c use the fragment_add_seq_check function after if(tree) :(
So i did with my own reass-algo.
Damn reassempling screw me :). And i dont get why fragment_add_seq_check doesnt work for me.
im a little bit frustrated.. and that on a friday :D