Hi, Two queries. 1. Is it possible to display the actual payload in place of "Fragment data"? (please see the mail chain below for reference) 2. If the packets are fragmented, the last fragment is not shown and instead, shows "Message Reassembled". How is it possible to display even the last fragment as "Fragment n" and then, next, display the reassembled packet.
To explain more about 2nd point, if there are 4 fragments, only 3 fragments are displayed as "Fragment 0", "Fragment 1" and "Fragment 2". The last fragment would be "Reassembled Message". I would want to display all 4 fragments and then the reassembled message separately. Regards, Darshan -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Guy Harris Sent: Monday, December 07, 2009 1:32 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Reassemble packets decoding - not proper On Dec 6, 2009, at 10:44 PM, Rach, Darshan wrote: > Kindly let me know what might have gone wrong. Sorry, I forgot to indicate that, once you get to the point where you dissect the field with the "request satisfied" bit, you're dealing with a tvbuff that starts with that field, so you have to reset packet_field_offset to 0, *AND* you have to fetch fields using next_tvb, not tvb, so you're using that tvbuff: if (next_tvb == NULL) { /* Just a fragment - put an item into the protocol tree for the fragment data */ proto_tree_add_text(oqtp_tree, tvb, packet_field_offset, -1, "Fragment data"); } else { /* Not a fragment, or fragments were reassembled */ packet_field_offset = 0; /*Request Satisfied*/ request_satisfied = tvb_get_guint8(next_tvb, packet_field_offset); proto_tree_add_uint(oqtp_tree, hf_request_satisfied, next_tvb, packet_field_offset, 1, ((request_satisfied & 0x80) >> 7)); /*Reserved_for_future_use*/ reserved_for_future_use = ((tvb_get_guint8(next_tvb, packet_field_offset)& 0x7E) >> 1); proto_tree_add_uint(oqtp_tree, hf_reserved_for_future_use, next_tvb, packet_field_offset, 1, reserved_for_future_use ); /*No Extended pd syntax*/ no_extended_pd_syntax = (tvb_get_guint8(next_tvb, packet_field_offset) & 0x1); proto_tree_add_uint(oqtp_tree, hf_no_extended_pd_syntax, next_tvb, packet_field_offset, 1, no_extended_pd_syntax ); packet_field_offset += 1; /*Number of classifications*/ proto_tree_add_item(oqtp_tree, hf_num_classifications, next_tvb, packet_field_offset, 1, FALSE); num_classifications = tvb_get_guint8(next_tvb, packet_field_offset); packet_field_offset += 1; ... ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe This message is confidential and intended only for the addressee. If you have received this message in error, please immediately notify the [email protected] and delete it from your system as well as any copies. The content of e-mails as well as traffic data may be monitored by NDS for employment and security purposes. To protect the environment please do not print this e-mail unless necessary. An NDS Group Limited company. www.nds.com ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
