4 Bytes too much in tvb

["Michael Biener Biener" <MBiener () gmx net>]

Hello everybody,

I implemented a dissector plugin for a special protokoll used in my Company, I Use tcp_dissect_pdus to reassemble the 
tcp Pakcets. Everthyng is working fine when Sending Data from CLient to Server, all Protokollitems shown well in the 
Wireshark tree. But on the response form Server the lenght detection fails because tvb is 4 Byte Bigger then the TCP 
offset. 

For exapmle The TCP Data Segement ist 36 Byte( Shown Correct in Wireshark Window ) But tvb has length of 40 BYTE im 
Reading the Lenth of A Message at Position 6, so now there comes a very big number because im now 4 Byte erlier then 
realy wanted.

Any Idea? did I Something wrong?

My Code looks like this:

static guint get_qcom_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{    
    //Len of 1. Object
    guint nLen1 = (guint)tvb_get_letohl( tvb,  offset+ 6 );  
    //Len of 2. Object
    guint nLen2 = (guint)tvb_get_letohl( tvb, offset+ 10 );             

    return nLen1 + nLen2 +15;   //Length of both Objects + header   
}

Kind Regards

Michael Biener



-- 
GRATIS! Movie-FLAT mit über 300 Videos. 
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe