Wireshark mailing list archives

Re: TCP reassembling

From: Andriy Beregovenko <jet () jet kiev ua>
Date: Fri, 9 Dec 2011 10:52:09 +0200

Hi fab12,

On Fri, Dec 09, 2011 at 08:25:12AM +0100, fab12 () freesurf fr wrote:

Hello,

I am having problem using the tcp_dissect_pdus and hope someone can help
me here.

The documentation seems pretty clear to me and I think I am doing what I
am suppose to do:

      tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 20,
                    get_foo_message_len, dissect_foo_packet);


static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
offset)
{
      guint length;
      unsigned char lengthBytes[4];

      tvb_memcpy(tvb, lengthBytes, offset+MPI_LENGTH_INDEX, MPI_LENGTH_SIZE/8);
      length = lengthBytes[0] + (lengthBytes[1]<<8) + (lengthBytes[2]<<16) +
(lengthBytes[3]<<24) + MPI_HEADER_SIZE;

    return length;
}


Try to use tvb_get_ntohl or tvb_get_htonl. AFAIA you wanna read some kind of
integer from raw data, am I right ?

Unfortunaty when I open a capture file it is not working properly.
When I attach to wireshark with a debugger I can see that the behavior is
not the one I expect:

1. The debugger stop to a first frame which contains the beginning of a
large message.
I can see that my get_foo_message_len is called and returns the length of
the complete message.
2. Then wireshark the process the next frame which contains the remaining
of the message. I can see it calls get_foo_message_len. Is this normal?
I don't think so and if it is what am I suppose to do since I can't
retrieve the size of the message the second time.

Best regards,
Fabien

PS: Sorry if this is a duplicate. I tried to send the question already
yesterday but I can't see it in my outbox so I guess I misclicked...


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


-- 
Best regards,
Andriy
0xBDDBDAE3

Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

TCP reassembling fab12 (Dec 08)
- Re: TCP reassembling Andriy Beregovenko (Dec 09)
  - Re: TCP reassembling fab12 (Dec 09)
    - Re: TCP reassembling fab12 (Dec 09)