Although i was able to reassemble and dissect 3 packets sent sequential, by using the* tcp_dissect_pdus* method , once a message is greater then 1500 bytes and is being divided into fragments (not by me) , the *tcp_dissect_pdus* method , doesn't help anymore , and my dissector is never called .
Whats the difference ? should i do something different if the message is disassembled not by me . thanks 2009/2/23 ronnie sahlberg <[email protected]> > >but i noticed that the TCP checksum test fails > > That may be an issue. Try disabling TCP checksum validation in the > preferences for TCP. > > By default, TCP reassembly will ignore all packets with a checksum failure > or "short" packets. (i.e. packets captures with a snaplen smaller than the > ethernet mtu) > > > > > On Mon, Feb 23, 2009 at 9:57 PM, יוני תובל <[email protected]> wrote: > >> hi , thanks . >> it seems to be working , but only when i raise the flag >> "pinfo->can_desegment=1 >> " inside the get_len method . >> but i noticed that the TCP checksum test fails in all the reassembled >> packets . >> why is that ? >> actually it also fails when i send the whole message in one buffer ... >> so its probably a different issue . . . >> >> >> thanks >> 2009/2/23 Guy Harris <[email protected]> >> >>> >>> On Feb 23, 2009, at 12:59 AM, יוני תובל wrote: >>> >>> > i tried to return the entire message length . still fails . >>> > (it only succeeds when the tvb consists of the entire message ) >>> > What about he offest value we pass to the get_len method . >>> >>> It's the offset into the tvbuff handed to the get_len routine of the >>> first byte of the packet whose length should be returned. >>> >>> Presumably the PDUs consist of a 2-byte length field (in network byte >>> order?) followed by that number of bytes of data, and, in the get_len >>> routine, you fetch the length value from the packet, add 2 to it, and >>> return that value. >>> >>> ___________________________________________________________________________ >>> Sent via: Wireshark-dev mailing list <[email protected]> >>> Archives: http://www.wireshark.org/lists/wireshark-dev >>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >>> mailto:[email protected] >>> ?subject=unsubscribe >>> >> >> >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <[email protected]> >> Archives: http://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >> mailto:[email protected] >> ?subject=unsubscribe >> > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
