Wireshark mailing list archives
Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector?
From: John x <xiachangqin66 () hotmail com>
Date: Sat, 25 Jun 2011 02:47:49 +0800
thanks Jaap. Now that tvb_length() and tvb_reported_length() are different. Could you please tell me which one I need to use? As shown in the following picture, |----------------------------------------------------- | | | ... | ... | total length| ... | IP header |--------------------------------|-------------------- | | | ................ | IP Pay Load | | | ........... | byte to read|| |--------------------------------|-------------------- The situation is: I need to read the last byte of the packet, the last byte containing a length value, we can say such as 10 bytes, and then I need to move back 10 bytes from the end of last byte, and here is my dissector start to work location. What I thought is: to get the IP_total_length first, and then to get to the "byte to read" location. --- Is that correct? or any other ways to do it? I still don't know how to do it yet. Is there any doc or sample code I can refer to? Thanks a lot, I do appreciate your help John
Date: Fri, 24 Jun 2011 09:33:15 +0200 From: jaap.keuter () xs4all nl To: wireshark-dev () wireshark org Subject: Re: [Wireshark-dev] how to extract "IP.len" (IP_total length) to my local variable in my dissector? On 06/24/2011 09:13 AM, John x wrote:Hi, folks, I am developing a dissector, my tasks are: 1. to get the “ip.len” (the total length in IP header), 2. using the ip.len to know how long the packet would be and extract the last byte to my local variable. *Could you guys please tell me how to get the IP’s total length from IP header? * *How to extract the last byte of my packet? * Any suggestions or advices would be appreciated. Thanks for your help JohnSo your dissector sits on top of the IP dissector. It gets a TVB (Testy, Virtual Buffer) with the IP packet data. Then you can use all the wonderful functions in epan/tvbuff.h to get access to that (meta-)data. Like tvb_length() and tvb_reported_length(). Two things: Never go into the TVB data directly, always find the proper access function. Be aware that captured packets can be cut short, so the length you have (tvb_length) might be smaller than the original (tvb_reported_length). Thanks, Jaap ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- how to extract "IP.len" (IP_total length) to my local variable in my dissector? John x (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? Jaap Keuter (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? John x (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? Guy Harris (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? John x (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? Guy Harris (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? John x (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? John x (Jun 24)
- Re: how to extract "IP.len" (IP_total length) to my local variable in my dissector? Jaap Keuter (Jun 24)