tcp_dissect_pdus. get reassemble TCP

[Bill Meier <wmeier () newsguy com>]

[I've chosen to continue on wireshark-dev the discussion originally 
started on ask.wireshark.org.

http://ask.wireshark.org/questions/14950/tcp_dissect_pdus-get-reassemble-tcp
]

================================================================

Hi, I'm using

    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
    get_foo_message_len, dissect_foo_message)

to reassemble split TCP Packets in my own dissector. However, I cannot 
get the full TCP packet. In the dissect_foo_message, I do nothing first, 
just get the full TCP context by using:

    data_len = tvb_length(tvb);
    sprintf(str, "%s\n", tvb_get_string(tvb, 122, data_len));

the context in str is truncated.

I'm confused, according to the tutorial, I should get the full TCP 
packet in the dissect_foo_message, right? Help!!
reassemble tcp

razygon

---------------
Comment:

We'll need to see a bit more of your code. How are you determining the 
actual length of the PDU in get_foo_message_len() ?

dissect_foo_message() will be handed a tvb of whatever length is 
returned by get_foo_message_len()
(12 Oct, 06:48) Bill Meier

----------------
Comment:

void proto_reg_handoff_dataparse(void)
{
    dataparse_handle = create_dissector_handle(dissect_dataparse, 
proto_dataparse);
    dissector_add_uint("tcp.port", dataparse_PORT, dataparse_handle);
    **`//so the tvb only include data, no package headers, right?`**

}
static guint get_dataparse_message_len(packet_info *pinfo, tvbuff_t 
*tvb, int offset)
{
    return 2000;
}
static void dissect_dataparse_message(tvbuff_t *tvb, packet_info *pinfo, 
proto_tree *tree)
{
    int ip_len = 0;
    int data_len = 0;
    char *str;

    FILE *stream;

    if ((stream = fopen(filename,"a")) ==NULL)
    {
        return;
    }

    data_len = tvb_length(tvb);
    str = (char *)malloc(data_len);
    sprintf(str, "%s\n", tvb_get_string(tvb, 0, 2000));
    fwrite(str, strlen(str), 1, stream);
    if(stream != NULL)
    fclose(stream);

}
(4 hours ago) razygon

-----------------
Comment:

Hi Bill, I didn't finish the code, now i'm testing the function 
tcp_dissect_pdus() to check whether it works. But i try to give specific 
code in the below comment. besides that I have two questions: 1. I 
cannot get the len in advance, for the protocol didn't give it... is 
there any other way to get it? 2. for test, i set the return value of 
get_foo_message_len fixed, like 2000. but the data i get is not 
consecutive? confused...

===========

OK:

1. I'm not sure what you mean by "the data is not consecutive".

2. Re: "I cannot get the len in advance"

   What determines when you have a complete PDU (which presumably
   consists of TCP payload data which may extend over several packets).

3. Re:
     **`//so the tvb only include data, no package headers, right?`**

     Right. The tvb will contain the TCP payload data.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe