Wireshark mailing list archives

starting the actual packet counting using wireshark functions


From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Thu, 28 Jan 2010 14:12:09 -0500

Wiresharkers

I have stripped out a lot of my own code and started to use the built-in routines that are provided by Wireshark.

As you can see below... my original way of starting the packet counting process is not correct, and I understand that it is not guaranteed to work for all tvbuffs, which means that there is no guarantee that the "real_data" field (that I am using below) of a tvbuff will always be valid... plus there is no bounds checking done.

But I am having some problems starting the actual packet counting process using the built-in calls. As I am digging through some of the examples... I see the following:

    guint helen_length = tvb_reported_length(tvb);

OR

    gint32 helen;
    helen = tvb_get_letohl(tvb, offset + 4);

OR

    guint32 offset = 0;
    guint32 length = 0;
    tvb_memcpy(tvb, (guint8 *)&length, offset, 4);


Basically... I am having a hard time converting my code below to use the built-in calls, to make sure there is no buffer overrun and to make sure that I am on the correct packet I am trying to dissect.

I have a header of size 18 that I want to skip... then the next packet I am dissecting.

Any help is appreciated.

Thanks,
Brian


#include <glib.h>
#include <epan/packet.h>

/* Assumed to be defined elsewhere in the dissector (not shown in the post). */
extern int proto_helen;
extern gint ett_helen;
#define PROTO_TAG_HELEN "HELEN"

/* Byte-swap helper used below; the post does not show its definition,
 * so this glib macro is assumed to do the same job. */
#define swap16(x) GUINT16_SWAP_LE_BE(x)

void dissect_helen(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {

    proto_item *helen_item = NULL;
    proto_tree *helen_tree = NULL;
    guint16 type = 0;

    if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
        col_set_str(pinfo->cinfo, COL_PROTOCOL, PROTO_TAG_HELEN);
    }

    if (check_col(pinfo->cinfo, COL_INFO)) {
        col_clear(pinfo->cinfo, COL_INFO);
    }

    /* This read goes through the tvb layer, so it is bounds-checked. */
    type = tvb_get_guint8(tvb, 4);

    if (tree) {
        guint32 offset = 0;
        helen_item = proto_tree_add_item(tree, proto_helen, tvb, 0, -1, FALSE);
        helen_tree = proto_item_add_subtree(helen_item, ett_helen);
        {
            /* Reading tvb->real_data directly is the part that is not
             * guaranteed to work: the field may not be valid for every kind
             * of tvbuff, and nothing checks that ptr stays inside the buffer. */
            guint8 * ptr = (guint8*) tvb->real_data;
            guint8 * packet_header = ptr;
            guint16 bead;
            char buf[100];
            char * packet_name = "";
            proto_tree *helen_sub_tree = NULL;
            guint swap = 0;

            /* Host-order read of the magic word; a mismatch is taken to mean
             * the data is byte-swapped relative to the host. */
            bead = *((guint16*) packet_header);
            if (bead != 0xBEAD) {
                swap = 1;
            }

            offset += 18;
            ptr += 18; /* Skip the 18-byte header. */
            packet_header = ptr;

            for (;;) {
                guint16 code = *((guint16*) packet_header);
                guint16 numBytes = 0;
                guint unknownPacket = 0;
                guint codeOffset;
                ptr = packet_header;
                offset = (guint32)(ptr - tvb->real_data);
                codeOffset = offset;

                if (swap) {
                    code = swap16(code);
                }

                /* Record header: 2-byte code followed by 2-byte length. */
                ptr += 2;
                offset += 2;
                numBytes = *((guint16*) ptr);
                if (swap) {
                    numBytes = swap16(numBytes);
                }

                ptr += 2;
                offset += 2;

                // From here I start my actual looping over each byte using
                // the correct wireshark routines....

                /* The rest of the loop body was not included in the post;
                 * this break only keeps the fragment compilable. */
                break;
            }
        }
    }
}

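The conversion the post is asking about, as an added example that is not part of the original message or of Wireshark: in a real dissector the two-byte reads below would be tvb_get_ntohs() or tvb_get_letohs(), which throw a bounds exception instead of returning a status, and the length checks would be tvb_bytes_exist() / tvb_reported_length_remaining(). Because libwireshark is not linked here, the block models those accessors with its own small bounds-checked readers over a plain byte array, walks the 18-byte header plus {code, numBytes, payload} records the post describes, and picks the byte order from the wire bytes (0xBEAD read big-endian or little-endian) rather than from the host's byte order as the post does. The record layout, the function names and the sample packets are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HELEN_HDR_LEN 18       /* fixed header to skip, as in the post */
#define HELEN_MAGIC   0xBEADu  /* first two bytes of the header */

/* Stand-ins for tvb_get_ntohs()/tvb_get_letohs(): both refuse to read past
 * `len` and return 1 on success, 0 if the two bytes are not there. */
typedef int (*read16_fn)(const uint8_t *buf, size_t len, size_t off, uint16_t *out);

static int get_be16(const uint8_t *buf, size_t len, size_t off, uint16_t *out) {
    if (off > len || len - off < 2) return 0;      /* off <= len, so no wraparound */
    *out = (uint16_t)(((uint16_t)buf[off] << 8) | buf[off + 1]);
    return 1;
}

static int get_le16(const uint8_t *buf, size_t len, size_t off, uint16_t *out) {
    if (off > len || len - off < 2) return 0;
    *out = (uint16_t)(((uint16_t)buf[off + 1] << 8) | buf[off]);
    return 1;
}

/* Count the records that follow the header. Returns the number of complete
 * records, or -1 if the header is truncated, the magic matches neither byte
 * order, or a record header or payload runs past the captured bytes. */
int count_helen_records(const uint8_t *buf, size_t len) {
    read16_fn rd;
    uint16_t magic;
    size_t off;
    int n = 0;

    if (len < HELEN_HDR_LEN) return -1;            /* header itself is cut off */

    /* Decide endianness from the bytes on the wire, not from the host. */
    if (get_be16(buf, len, 0, &magic) && magic == HELEN_MAGIC)
        rd = get_be16;
    else if (get_le16(buf, len, 0, &magic) && magic == HELEN_MAGIC)
        rd = get_le16;
    else
        return -1;                                 /* unknown framing */

    for (off = HELEN_HDR_LEN; off < len; n++) {
        uint16_t code, num_bytes;
        if (!rd(buf, len, off, &code) || !rd(buf, len, off + 2, &num_bytes))
            return -1;                             /* record header cut off */
        (void)code;                                /* would feed proto_tree_add_item() */
        off += 4;
        if (num_bytes > len - off) return -1;      /* payload longer than what is left */
        off += num_bytes;                          /* skip (or dissect) the payload */
    }
    return n;
}

/* Constructed sample captures (not real traffic). */
static const uint8_t SAMPLE_BE[] = {
    0xBE, 0xAD, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* 18-byte header */
    0x00, 0x01, 0x00, 0x03, 0xAA, 0xBB, 0xCC,                    /* code 1, 3 bytes */
    0x00, 0x02, 0x00, 0x00                                       /* code 2, 0 bytes */
};
static const uint8_t SAMPLE_LE[] = {
    0xAD, 0xBE, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x01, 0x00, 0x03, 0x00, 0xAA, 0xBB, 0xCC,
    0x02, 0x00, 0x00, 0x00
};
static const uint8_t SAMPLE_BAD_LEN[] = {  /* claims 65535 payload bytes */
    0xBE, 0xAD, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x00, 0x01, 0xFF, 0xFF
};

int main(void) {
    printf("big-endian sample:    %d records\n", count_helen_records(SAMPLE_BE, sizeof(SAMPLE_BE)));
    printf("little-endian sample: %d records\n", count_helen_records(SAMPLE_LE, sizeof(SAMPLE_LE)));
    printf("truncated sample:     %d\n", count_helen_records(SAMPLE_BE, sizeof(SAMPLE_BE) - 2));
    printf("bad length field:     %d\n", count_helen_records(SAMPLE_BAD_LEN, sizeof(SAMPLE_BAD_LEN)));
    return 0;
}
```

The point of the walk is that every read is checked against the captured length before it happens and the declared record length is checked against the bytes remaining, so a truncated capture or a hostile length field ends the dissection cleanly instead of reading past the buffer; in Wireshark the same structure falls out naturally when the raw pointer arithmetic is replaced by offsets passed to the tvb accessors.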

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
