Wireshark mailing list archives
Re: dissect_ip() and check for header length
From: Petr Sumbera <Petr.Sumbera () Sun COM>
Date: Thu, 16 Sep 2010 16:12:57 +0200
Ops. As I was not subscribed to the alias I missed that the mail actually went though and it even got answer from Guy:
...which means, of course, that no outgoing IPv4 traffic *ever* has IP options.
Otherwise, outgoing IPv4 packets would be undissectable unless the IPv4 header length is available elsewhere; you cannot dissect an IPv4 header unless you know how big it is, as it's not fixed-length (it's a fixed-length 20-byte portion followed by 0 or more bytes of options).
I know how big IP packet is. tvb_length(tvb) tells me... So shall I create new dissector which will do something like this? if (!tvb_get_ntohs(tvb, 2)) /* ip packet length is zero */ { length = (guint16*)tvb_get_ptr(tvb, 2, 2); *length = (guint16)htons(tvb_length(tvb)); } call_dissector(ip_handle, tvb, pinfo, tree); return; -- Thanks, Petr Dne 16.09.10 15:34, Petr Sumbera napsal(a):
Hi, I'm evaluating the way how to add support into Wireshark for Solaris snoop files with IP tunnel links data. The data are basically RAW IP so I wouldn't have to write new dissector. But the problem is that stored packets for *outgoing* traffic doesn't contain "Header length" (it's zero as at layer where it was captured it wasn't filled, the same case is for "Header checksum"). dissect_ip() for such packets will report just: "Header length: %u bytes (bogus, must be at least %u)". So we can either lighten this condition in dissect_ip() and continue with the packet processing (e.g if length and check sum is zero). Or I can create new dissector which will just add correct header length and pass it along to dissect_ip(). Thanks for any comments/suggestions. Petr
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- dissect_ip() and check for header length Petr Sumbera (Sep 09)
- Re: dissect_ip() and check for header length Guy Harris (Sep 09)
- <Possible follow-ups>
- dissect_ip() and check for header length Petr Sumbera (Sep 16)
- Re: dissect_ip() and check for header length Petr Sumbera (Sep 16)
- Re: dissect_ip() and check for header length Guy Harris (Sep 16)
- Re: dissect_ip() and check for header length Petr Sumbera (Sep 17)
- Re: dissect_ip() and check for header length Petr Sumbera (Sep 16)