Hi, Few remarks. The mix-27010 dissector is made to dissect frames of type WTAP_ENCAP_MUX27010, or PCAP link layer header type, as defined at https://tcpdump.org/linktypes/LINKTYPE_MUX27010.html <https://tcpdump.org/linktypes/LINKTYPE_MUX27010.html> There it states what the layout in the PCAP packets ought to be. All your variations do not fall into that category, so shouldn't use this PCAP link layer header type, IMHO. Opinions on this vary. Instead you could use one of the USER link layer type (assuming that this is for private use only) in your capture, create a dissector for that link layer header type, and handle the defragmentation in there. Once you get that going, your complete mux27010 PDUs can then be handed to the (unmodified) mux27010 dissector, which handles the rest. As for your defragmentation code, all information should be there in the calls to fragment_add and process_reassembled_data for them to determine what the PDU boundaries are. This was you get to be handed single mux27010 PDUs, ready for the mux27010 dissector. The ‘rest of the data’ stays in the reassembly table and comes out once enough data has been added to it. Hope it helps
> On 26 Jan 2022, at 10:43, Lars Poeschel <poesc...@lemonage.de> wrote: > > Hello wireshark devs, > > I am currently struggling with reassembly of fragments of the mux27010 > protocol. > There is a dissector for the mux27010 protocol in wireshark > (packet-mux27010.c) but it does not work with fragments. The mux27010 > works on top of a serial line (uart) so there is no ethernet, no IP, no > TCP involved so far. I capture the serial line traffic in pcap format, > but it has no understanding of the mux27010 protocol, so there can be > any possible combination of mux PDU and pcap capture unit in there,
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
