diff options
| author | Jeff Morriss <jeff.morriss.ws@gmail.com> | 2012-09-07 02:09:59 +0000 |
|---|---|---|
| committer | Jeff Morriss <jeff.morriss.ws@gmail.com> | 2012-09-07 02:09:59 +0000 |
| commit | aa5d9d78ddcb4b7066ab03afa4277fab0bf0f468 (patch) | |
| tree | 7549708474866dbbdbe811f34c57a3a7bd6ccf0b /epan/dissectors/packet-ip.c | |
| parent | 8ba24b5530a5916769d2fa0012de4943bac2fde3 (diff) | |
From Robert Bullen via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7683 :
The reassembled fragments tree in the Packet Details view is awesome, but it
lacks one thing: a field that exposes the reassembled data.
tcp.data already exists for exposing a single TCP segment's payload as a byte
array. It would be handy to have something similar for a single application
layer PDU when TCP segment reassembly is involved. I propose
tcp.reassembled.data, named and placed after the already existing field
tcp.reassembled.length.
My primary use case for this feature is outputting tcp.reassembled.data with
tshark for further processing with a script.
The attached patch implements this very feature. Because the reassembled
fragment tree code is general purpose, i.e. not specific to just TCP, any
dissector that relies upon it can add a similar field very cheaply. In that
vein I've also implemented ip.reassembled.data and ipv6.reassembled.data, which
expose reassembled fragment data as a single byte stream for IPv4 and IPv6,
respectively. All other protocols that use the reassembly code have been left
alone, other than inserting NULL into their initializer lists for the newly
introduced struct field reassemble.h:fragment_items.hf_reassembled_data.
svn path=/trunk/; revision=44802
Diffstat (limited to 'epan/dissectors/packet-ip.c')
| -rw-r--r-- | epan/dissectors/packet-ip.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index ac4f019857..bba473929a 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -177,6 +177,7 @@ static int hf_ip_fragment_error = -1; static int hf_ip_fragment_count = -1; static int hf_ip_reassembled_in = -1; static int hf_ip_reassembled_length = -1; +static int hf_ip_reassembled_data = -1; #ifdef HAVE_GEOIP static int hf_geoip_country = -1; @@ -244,6 +245,7 @@ static const fragment_items ip_frag_items = { &hf_ip_fragment_count, &hf_ip_reassembled_in, &hf_ip_reassembled_length, + &hf_ip_reassembled_data, "IPv4 fragments" }; @@ -2828,8 +2830,12 @@ proto_register_ip(void) { &hf_ip_reassembled_length, { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC, - NULL, 0x0, "The total length of the reassembled payload", HFILL }} - }; + NULL, 0x0, "The total length of the reassembled payload", HFILL }}, + + { &hf_ip_reassembled_data, + { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE, + NULL, 0x0, "The reassembled payload", HFILL }} +}; static gint *ett[] = { &ett_ip, |