Wireshark mailing list archives
tshark --export-objects : -2 assumed or required for two-pass ?
From: chuck c <bubbasnmp () gmail com>
Date: Mon, 10 Aug 2020 16:30:42 -0500
tshark --export-objects dicom is behaving differently than exporting Dicom objects in Wireshark.

Is the "-2" option assumed to be set, observed if set or not used at all for exporting objects with tshark?

I think a two-pass is needed to set the is_storage flag properly which is used below:

    if (pdv->is_storage &&
        pdv_curr->sop_class_uid    && strlen(pdv_curr->sop_class_uid)>0 &&
        pdv_curr->sop_instance_uid && strlen(pdv_curr->sop_instance_uid)>0) {

        sop_class_uid = wmem_strdup(wmem_packet_scope(), pdv_curr->sop_class_uid);
        sop_instance_uid = wmem_strdup(wmem_packet_scope(), pdv_curr->sop_instance_uid);

        /* Make sure filename does not contain invalid character. Rather conservative.
           Even though this should be a valid DICOM UID, apply the same filter rules
           in case of bogus data.
        */
        filename = wmem_strdup_printf(wmem_packet_scope(), "%06d-%d-%s.dcm", pinfo->num, cnt_same_pkt,
            g_strcanon(pdv_curr->sop_instance_uid, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-.", '-'));
    }
    else {
        /* No SOP Instance or SOP Class UID found in PDV. Use wireshark ones */

        sop_class_uid = wmem_strdup(wmem_packet_scope(), WIRESHARK_MEDIA_STORAGE_SOP_CLASS_UID);
        sop_instance_uid = wmem_strdup_printf(wmem_packet_scope(), "%s.%d.%d",
            WIRESHARK_MEDIA_STORAGE_SOP_INSTANCE_UID_PREFIX, pinfo->num, cnt_same_pkt);

        /* Make sure filename does not contain invalid character. Rather conservative.*/
        filename = wmem_strdup_printf(wmem_packet_scope(), "%06d-%d-%s.dcm", pinfo->num, cnt_same_pkt,
            g_strcanon(pdv->desc, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-.", '-'));
    }

Diff showing with and without the "-2" flag used on tshark.
Test pcap is attached here: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13570

    683c683
    < 683 9.254460000 9.254460000 165.226.144.126 1514 ·······A···· 0x010 0x2bb0 65004 P-DATA, PDV Fragment [TCP segment of a reassembled PDU]
    ---
    > 683 9.254460000 9.254460000 165.226.144.126 1514 ·······A···· 0x010 0x2bb0 65004 P-DATA, Secondary Capture Image Storage Fragment (reassembled in #2804) [TCP segment of a reassembled PDU]
    716c716
    < 716 9.257150900 9.257150900 165.226.144.126 1362 ·······AP··· 0x018 0x4630 65004 P-DATA, PDV Fragment
    ---
    > 716 9.257150900 9.257150900 165.226.144.126 1362 ·······AP··· 0x018 0x4630 65004 P-DATA, Secondary Capture Image Storage Fragment (reassembled in #2804)
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
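The filename filtering in the excerpt quoted in the message above, as an added example that is not part of the original post or of Wireshark's code. strcanon() is a portable stand-in for GLib's g_strcanon(), export_name() is a hypothetical helper, and the UID strings are constructed inputs.

```c
#include <stdio.h>
#include <string.h>

/* Character set from the quoted excerpt: A-Z, a-z, 0-9, '-' and '.'. */
static const char VALID[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789" "-.";

/* Stand-in for g_strcanon(): replace, in place, every byte that is not
 * in `valid` with `substitutor`, and return the string. */
static char *strcanon(char *s, const char *valid, char substitutor)
{
    for (char *p = s; *p != '\0'; p++) {
        if (strchr(valid, *p) == NULL)
            *p = substitutor;
    }
    return s;
}

/* Hypothetical helper: build "<frame>-<index>-<filtered uid>.dcm" in `out`,
 * following the "%06d-%d-%s.dcm" pattern of the excerpt.
 * Returns 0 on success, -1 if the UID or the result does not fit. */
static int export_name(char *out, size_t outlen, unsigned frame, int idx,
                       const char *uid)
{
    char clean[128];
    if (strlen(uid) >= sizeof clean)
        return -1;
    strcpy(clean, uid);               /* work on a copy, keep the input intact */
    strcanon(clean, VALID, '-');
    int n = snprintf(out, outlen, "%06u-%d-%s.dcm", frame, idx, clean);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: a UID-shaped value and a bogus value carrying
     * path separators, as the excerpt's comment anticipates. */
    const char *samples[] = { "1.2.3.4.5.6789", "../../tmp/x\\y:z" };
    char name[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (export_name(name, sizeof name, 683, (int)i, samples[i]) == 0)
            printf("%-18s -> %s\n", samples[i], name);
    }
    return 0;
}
```

Dots pass the filter, but every path separator is replaced and the name always starts with the frame number, so a bogus UID cannot steer the exported file outside the chosen output directory.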