Wireshark mailing list archives
call_dissector(ip dissector handle) modify pinfo data
From: wsgd <wsgd () free fr>
Date: Wed, 29 Mar 2017 21:45:49 +0200
Hello all, I have a protocol/dissector called vrf. vrf = ip/tcp/vrf/vrf payload vrf payload = ip/tcp... To manage vrf payload, I do : call_dissector(<ip dissector handle>, next_tvb, pinfo, tree); Globaly, it is working. BUT, not with the following scheme (4 packet contains 3 vrf message/pdu) : |-- packet1 --||-- packet2 --||--- packet3 ---||----- packet4 -----| |------- vrf 1 --------||----- vrf 2 -------------||----- vrf 3 ---| In this case, my dissector is NOT called for packet 3. --> NOT okAt the end of call_dissector into vrf 1, some fields of pinfo have been modified, at least :
- net_src - net_dst - src - dst- srcport not matching the ones used for dissector_add_uint - destport not matching the ones used for dissector_add_uint
Start reading vrf 2 and stop (because packet2 has no enough data) with :pinfo->desegment_offset = 0; /* Start at beginning next time */
pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT; Then, my dissector is NOT called for packet3 (it is called for packet4). --> NOT okI suppose that the pinfo modifications are the reasons for which my dissector is not called for packet3 ?
When I cancel these modifications before continue, it works. NB: it works if I use call_dissector(<_*data*_ dissector handle>, next_tvb, pinfo, tree); What is wrong ? What is the normal way to manage this ? Thanks, Olivier
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- call_dissector(ip dissector handle) modify pinfo data wsgd (Mar 29)