Wireshark-dev: Re: [Wireshark-dev] Reassembly Fragment fail
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Tue, 17 Feb 2015 12:19:46 +0100
2015-02-17 8:59 GMT+01:00 Raj sekar <mrajsekar@xxxxxxxxx>:
Hi,
I am developing a custom dissector on top of UDP which uses PDCP layer PDU RFC 2507 Selective Repeat ARQ Mechanism for segmentation and reassembly.
My message contains
Beginning of Message, continuation of message and end of message
Messages are not coming in sequence, and based on sequence number and message id I need to reassemble.
I don't know whether I should use
conversation or add_fragment_seq_next or add_fragment_seq_check
Please suggest. I have been stuck with this for a long time.
Why is my code below not working? The fragmentation itself is not successful and thus reassembly is not working. Please suggest!
Hi,
First of all, I highly suggest you read https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectReassemble.html#idp424235420 and have a look at how it is used by other dissectors.
switch (stype) {
case 0x00: // Continuation of Message
    msg_seqid = 2;
    rem_length = bctsdu_length;
    proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length, "PDU data : %d", rem_length);
    break;
case 0x01: // Beginning of Message
    msg_seqid = 1;
    proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, 2, "PDU Length : 0x%02x (%d)", pdu_len, pdu_len);
    rem_length = tvb_length_remaining(next_tvb, offset_payload);
    rem_length -= 2;
    proto_tree_add_text(BCnPDU_bom_tree, next_tvb, offset_payload, rem_length, "PDU data : %d ", rem_length);
    break;
case 0x02: // End of Message
    msg_seqid = 3;
    bctsdu_length += 2;
    more_frags = FALSE;
    rem_length = bctsdu_length;
    rem_length -= 2;
    proto_tree_add_text(FT_BCnPDU_tree, next_tvb, offset_payload, rem_length, "PDU data : %d", rem_length);
    disable_CRC = 1;
    break;
case 0x04: // Single Segment Message ----
    // doesn't need fragment/reassembly
    break;
}
if (msg_seqid == 1 || msg_seqid == 2 || msg_seqid == 3) {
    save_fragmented = pinfo->fragmented;
    pinfo->fragmented = TRUE;
    frag_msg = fragment_add_seq_check(&mns_reassembly_table, next_tvb, offset_payload, pinfo, mns_seqnum,
What is this mns_seqnum parameter? Do you confirm it changes between PDUs and is the same for all fragments of a given PDU?
NULL, mns_seqid,
mns_seqid should start from 0 while here you are starting it from 1. It means that the API is endlessly waiting for the first fragment. As indicated in reassemble.h header file:
* These functions add a new fragment to the fragment hash table,
* assuming that frag_number is a block sequence number (starting from zero for
* the first fragment of each datagram).
        rem_length, more_frags);
    if (frag_msg) {
        col_append_fstr(pinfo->cinfo, COL_INFO, " mns segment of a FRAGMENT PDU");
    } else {
        col_append_fstr(pinfo->cinfo, COL_INFO, " FRAGMENT NOT DONE ");
    }
}
if (more_frags == FALSE) {
This code should be done unconditionally, and not only when you receive the last fragment (especially as you could receive the last before the other ones). So remove this (more_frags == FALSE) check.
    save_fragmented = pinfo->fragmented;
    pinfo->fragmented = FALSE;
    rass_tvb = process_reassembled_data(next_tvb, offset_payload, pinfo, "Reassembled Message", frag_msg, &mns_frag_items, NULL, FT_BCnPDU_tree);
    if (rass_tvb) {
        col_append_str(pinfo->cinfo, COL_INFO, "(Message reassembled ) ");
        ALSIGPDU(rass_tvb, pinfo, FT_BCnPDU_tree);
    }
}
I am always getting the
FRAGMENT NOT DONE
error.
Thanks
Raj
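
As an added illustration (not part of the original thread and not Wireshark's reassemble.c), this simplified C model of sequence-numbered reassembly shows the two points made in the reply: fragments must be numbered from 0, and completion can happen on any fragment, so the result has to be checked on every call. The names `reasm_t`, `reasm_init`, `reasm_add` and `reasm_copy` and the size limits are assumptions made for the example.

```c
#include <string.h>

#define MAX_FRAGS 16
#define MAX_FRAG_LEN 64

/* Simplified model of one reassembly entry; not Wireshark's reassemble.c. */
typedef struct {
    unsigned char data[MAX_FRAGS][MAX_FRAG_LEN];
    size_t len[MAX_FRAGS];
    int present[MAX_FRAGS];
    int last;                     /* number of the final fragment, -1 until seen */
} reasm_t;

void reasm_init(reasm_t *r) { memset(r, 0, sizeof *r); r->last = -1; }

/* Store one fragment; frag_number is zero-based. Returns 1 once fragments
 * 0..last are all present, 0 while waiting, -1 if the fragment is rejected. */
int reasm_add(reasm_t *r, unsigned frag_number, const void *buf, size_t n, int more_frags)
{
    if (frag_number >= MAX_FRAGS || n > MAX_FRAG_LEN)
        return -1;                /* bounds check before copying */
    memcpy(r->data[frag_number], buf, n);
    r->len[frag_number] = n;
    r->present[frag_number] = 1;
    if (!more_frags)
        r->last = (int)frag_number;
    if (r->last < 0)
        return 0;                 /* final fragment not seen yet */
    for (int i = 0; i <= r->last; i++)
        if (!r->present[i])
            return 0;             /* hole remains, e.g. nothing numbered 0 */
    return 1;
}

/* Concatenate fragments 0..last into out; returns total length, 0 if too big. */
size_t reasm_copy(const reasm_t *r, unsigned char *out, size_t cap)
{
    size_t total = 0;
    for (int i = 0; i <= r->last; i++) {
        if (r->len[i] > cap - total)
            return 0;
        memcpy(out + total, r->data[i], r->len[i]);
        total += r->len[i];
    }
    return total;
}
```

Feeding it fragments numbered 1, 2, 3 never returns 1, because slot 0 stays empty; feeding 2 (final), 0, 1 returns 1 on the third call, which is not the call that carried the final fragment.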