Wireshark mailing list archives

Re: Multiple-line parsing of packets dissected over HTTP


From: Pascal Quantin <pascal () wireshark org>
Date: Tue, 19 Jan 2021 18:19:43 +0100

Hi Joey,

On Tue, 19 Jan 2021 at 17:45, Joey Salazar via Wireshark-dev <
wireshark-dev () wireshark org> wrote:

Hi all,

In commit 33af2649 [1] we can keep dissecting the contents of the req,
adv, and res packets by setting
 while (plen > 0) { }
either in `dissect_git_pdu()` or in `dissect_one_pkt_line()`, but for now
in `dissect_git_pdu()` it'd be a bit messy, so wanted to ask for your
feedback for getting `dissect_one_pkt_line()` to work properly first.

As you can see in pcap 169 [2], it correctly parses the length of the
first line as 0x0014 (20 bytes) until `0x0a`, then it's supposed to get the
length of the next line by the first 4 hex bytes in that line, but instead
of reading the length as 0x0018 (24 bytes) it's reading it as 0x0010 (16
bytes), and anyways, this particular line's length actually is 59 bytes.

Suggestions on how to approach this?


So what is the code leading to this dissection? It does not seem to be
https://gitlab.com/joeysal/wireshark/-/commit/33af2649927cb5660d4aeb64b9a9e9a58a1823aa
as dissect_one_pkt_line() seems to read only one line (BTW using a while
loop in this commit is useless as you are incrementing offset by plen, and
the code you shared considers that plen includes the 4 bytes of the packet
length field while your screenshot does not assume that).

Best regards.
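
The loop discussed in this thread, as an added stand-alone example (not code from the thread, the linked commit, or the Wireshark source). It assumes Git pkt-line framing in which the 4-hex-digit length counts its own 4 bytes and values below 4 are payload-less markers such as the `0000` flush-pkt. It goes beyond the single-line case by rejecting truncated or non-hex lengths and always advancing the offset. The names `pkt_len`, `walk_pkt_lines` and `SAMPLE` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed sample (not the thread's capture): data, delim-pkt, data, flush-pkt. */
static const char SAMPLE[] = "0014command=ls-refs\n" "0001" "0009peel\n" "0000";

/* Decode the 4 ASCII hex digits of the length field; -1 if not hex. */
static int pkt_len(const char *p)
{
    int len = 0;
    for (int i = 0; i < 4; i++) {
        int c = (unsigned char)p[i], v;
        if (c >= '0' && c <= '9') v = c - '0';
        else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
        else return -1;
        len = len * 16 + v;
    }
    return len;
}

/* Walk all pkt-lines in buf[0..n). Returns the number of packets seen (markers
 * included) or -1 on bad input; *payload gets payload bytes, length fields excluded. */
int walk_pkt_lines(const char *buf, size_t n, size_t *payload)
{
    size_t off = 0;
    int count = 0;
    *payload = 0;
    while (off < n) {
        /* A length field needs 4 bytes; fewer means the buffer is truncated. */
        int plen = (n - off < 4) ? -1 : pkt_len(buf + off);
        if (plen < 0) return -1;
        if (plen < 4) {
            off += 4;                              /* marker packet: no payload */
        } else {
            if ((size_t)plen > n - off) return -1; /* length exceeds remaining data */
            *payload += (size_t)plen - 4;          /* plen counts its own 4 bytes */
            off += (size_t)plen;                   /* always advances by >= 4 */
        }
        count++;
    }
    return count;
}

int main(void)
{
    size_t payload;
    int n = walk_pkt_lines(SAMPLE, sizeof SAMPLE - 1, &payload);
    printf("%d packets, %zu payload bytes\n", n, payload);
    return n < 0;
}
```

Advancing by 4 for marker packets is what keeps a `0000` length from stalling the loop, and the comparison against the remaining bytes keeps an untrusted length field from reading past the buffer.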