Wireshark mailing list archives

Re: starting the actual packet counting using wireshark functions


From: Guy Harris <guy () alum mit edu>
Date: Thu, 28 Jan 2010 11:26:49 -0800


On Jan 28, 2010, at 11:12 AM, Brian Oleksa wrote:

> Basically... I am having a hard time converting my code below to use the
> built in calls to make sure there is no buffer overrun

The builtin calls *themselves* do the buffer checks - if you pass an out-of-range offset to, for example, a tvb_get_ 
call, it will throw an exception, and dissection of the packet will stop.  proto_tree_add_item() uses tvb_get_ calls to 
fetch data, so they will also cause an exception to be thrown if the offset is out of range.

> and to make sure
> that I am on the correct packet I am trying to dissect.
>
> I have a header of size 18 that I want to skip..

No, you have a header of size 18 that you want to *dissect*, with a 2-byte magic field, an 8-byte checksum field 
(which, as per "CRC Questions", is probably 4 bytes of 0 and 4 bytes of CRC32, thanks to Java's lack of unsigned data 
types), and an 8-byte transmission time.  Don't just skip it, put the header fields into the dissection along with the 
rest of the packet.

> then the next packet I am dissecting.

What you're presumably dissecting are part of the *same* packet.  The Helen packet format:

        https://www.darkcornersoftware.com/confluence/display/open/Packet+Structure

indicates that a packet has the 18-byte header followed by a series of extensions; those are all part of the same 
packet.

The page at

        https://www.darkcornersoftware.com/confluence/display/open/Helen+Manual

says this runs over UDP, so there's one Helen packet for each UDP packet.  Your dissector will be called by the UDP 
dissector for each UDP packet, so it is handed a tvbuff containing one and only one Helen packet, so you don't have to 
worry about whether you're on the correct packet - you will, by definition, be on the *only* packet within a given UDP 
packet.
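An added illustration, not part of the original message and not Wireshark code: a plain-C model of the two points in the reply, that the bounds check lives inside the accessor and that the 18-byte header is parsed field by field rather than skipped. `buf_t`, `get_be` and `parse_helen_header` are hypothetical names, big-endian byte order is an assumption, and the sample datagram is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a tvbuff: the bytes plus their length. */
typedef struct { const uint8_t *data; size_t len; } buf_t;

/* Bounds-checked big-endian fetch of 1..8 bytes; 0 on success, -1 if the range
 * is outside the buffer. (A tvb_get_ call throws an exception instead.) */
static int get_be(const buf_t *b, size_t off, size_t n, uint64_t *out)
{
    if (n == 0 || n > 8 || off > b->len || n > b->len - off)
        return -1;                      /* phrased so off + n cannot wrap */
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | b->data[off + i];
    *out = v;
    return 0;
}

/* Header layout from the message: 2-byte magic, 8-byte checksum, 8-byte time. */
typedef struct { uint16_t magic; uint64_t checksum; uint64_t tx_time; } helen_hdr_t;

/* Parse all three header fields and report where the extensions start.
 * No separate length check is needed: a short datagram fails inside get_be(). */
int parse_helen_header(const buf_t *b, helen_hdr_t *h, size_t *next_off)
{
    uint64_t v;
    size_t off = 0;
    if (get_be(b, off, 2, &v) != 0) return -1;
    h->magic = (uint16_t)v; off += 2;
    if (get_be(b, off, 8, &h->checksum) != 0) return -1;
    off += 8;
    if (get_be(b, off, 8, &h->tx_time) != 0) return -1;
    off += 8;
    *next_off = off;                    /* 18: first extension begins here */
    return 0;
}

/* Constructed sample: magic, 4 zero bytes + 4 CRC bytes, time, 2 extension bytes. */
static const uint8_t sample[] = {
    0xAB, 0xCD,
    0x00, 0x00, 0x00, 0x00, 0xDE, 0xAD, 0xBE, 0xEF,
    0x00, 0x00, 0x01, 0x26, 0x75, 0xA3, 0xB0, 0x00,
    0x01, 0x02 };

int main(void)
{
    buf_t full = { sample, sizeof sample }, cut = { sample, 17 };
    helen_hdr_t h; size_t next = 0;
    int rc = parse_helen_header(&full, &h, &next);
    printf("full: rc=%d magic=0x%04x extensions at %zu\n", rc, (unsigned)h.magic, next);
    printf("truncated: rc=%d\n", parse_helen_header(&cut, &h, &next));
    return 0;
}
```

In a real dissector the same structure is three `proto_tree_add_item()` calls with a running offset, and the truncated case ends dissection through the exception rather than a return code.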