Wireshark mailing list archives
tcp_dissect_pdus. get reassemble TCP
From: Bill Meier <wmeier () newsguy com>
Date: Mon, 15 Oct 2012 11:05:52 -0400
[I've chosen to continue on wireshark-dev the discussion originally started on ask.wireshark.org.
http://ask.wireshark.org/questions/14950/tcp_dissect_pdus-get-reassemble-tcp ]

================================================================

Hi, I'm using

    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN, get_foo_message_len, dissect_foo_message)

to reassemble split TCP packets in my own dissector. However, I cannot get the full TCP packet. In the dissect_foo_message, I do nothing first, just get the full TCP context by using:

    data_len = tvb_length(tvb);
    sprintf(str, "%s\n", tvb_get_string(tvb, 122, data_len));

The context in str is truncated. I'm confused; according to the tutorial, I should get the full TCP packet in the dissect_foo_message, right? Help!!
reassemble tcp
razygon

---------------
Comment:
We'll need to see a bit more of your code. How are you determining the actual length of the PDU in get_foo_message_len()?

dissect_foo_message() will be handed a tvb of whatever length is returned by get_foo_message_len()
(12 Oct, 06:48) Bill Meier

----------------
Comment:

    void proto_reg_handoff_dataparse(void)
    {
        dataparse_handle = create_dissector_handle(dissect_dataparse, proto_dataparse);
        dissector_add_uint("tcp.port", dataparse_PORT, dataparse_handle);
        //so the tvb only include data, no package headers, right?
    }

    static guint get_dataparse_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
    {
        return 2000;
    }

    static void dissect_dataparse_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    {
        int ip_len = 0;
        int data_len = 0;
        char *str;
        FILE *stream;

        if ((stream = fopen(filename, "a")) == NULL) {
            return;
        }
        data_len = tvb_length(tvb);
        /* +2: room for the "\n" and the terminating NUL that sprintf() appends */
        str = (char *)malloc(data_len + 2);
        sprintf(str, "%s\n", tvb_get_string(tvb, 0, 2000));
        fwrite(str, strlen(str), 1, stream);
        free(str);
        if (stream != NULL)
            fclose(stream);
    }

(4 hours ago) razygon

-----------------
Comment:
Hi Bill, I didn't finish the code; now I'm testing the function tcp_dissect_pdus() to check whether it works. But I try to give specific code in the below comment. Besides that I have two questions:

1. I cannot get the len in advance, for the protocol didn't give it... is there any other way to get it?

2. For test, I set the return value of get_foo_message_len fixed, like 2000, but the data I get is not consecutive? Confused...
===========

OK:

1. I'm not sure what you mean by "the data is not consecutive".

2. Re: "I cannot get the len in advance"
   What determines when you have a complete PDU (which presumably consists of TCP payload data which may extend over several packets)?

3. Re: "//so the tvb only include data, no package headers, right?"
   Right. The tvb will contain the TCP payload data.
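
Added illustration (not code from this thread or from Wireshark): a stand-alone C model of the behaviour discussed above, in which a length function reads the PDU size from a fixed-length header and the message callback is handed exactly that many bytes, however the TCP segments were split. The 4-byte header layout, MAX_PDU and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 4     /* assumed header: 2-byte type, 2-byte big-endian body length */
#define MAX_PDU 4096  /* cap, so a bogus length field cannot make us wait forever */
typedef void (*pdu_cb)(const uint8_t *pdu, size_t len, void *ctx);
struct stream { uint8_t buf[MAX_PDU]; size_t used; };          /* per-connection state */
struct seen { int count; uint8_t type[8]; size_t len[8]; };    /* what the callback saw */

/* Role of get_foo_message_len(): total PDU length, read from the fixed-size header. */
static size_t get_pdu_len(const uint8_t *hdr) { return HDR_LEN + (((size_t)hdr[2] << 8) | hdr[3]); }

/* Feed one TCP segment payload. Returns PDUs delivered, or -1 on an oversized length. */
static int feed_segment(struct stream *s, const uint8_t *seg, size_t n, pdu_cb cb, void *ctx) {
    int delivered = 0;
    while (n > 0) {
        /* Until the header is complete the PDU length is unknown: collect the header first. */
        size_t want = s->used < HDR_LEN ? HDR_LEN : get_pdu_len(s->buf);
        if (want > MAX_PDU) return -1;
        size_t take = want - s->used < n ? want - s->used : n;
        memcpy(s->buf + s->used, seg, take);
        s->used += take; seg += take; n -= take;
        if (s->used >= HDR_LEN && s->used == get_pdu_len(s->buf)) {
            cb(s->buf, s->used, ctx);      /* callback gets exactly one whole PDU */
            s->used = 0; delivered++;
        }
    }
    return delivered;
}

/* Role of dissect_foo_message(): here it only records each PDU's type and length. */
static void record_pdu(const uint8_t *pdu, size_t len, void *ctx) {
    struct seen *r = ctx;
    if (r->count < 8) { r->type[r->count] = pdu[1]; r->len[r->count++] = len; }
}

/* Constructed sample: a 9-byte and a 7-byte PDU, back to back in one TCP stream. */
static const uint8_t SAMPLE[16] = {0,1,0,5,'h','e','l','l','o', 0,2,0,3,'a','b','c'};

int main(void) {
    struct stream s = { {0}, 0 };
    struct seen r = { 0, {0}, {0} };
    const size_t cut[4] = {0, 3, 11, 16};   /* segment boundaries, chosen to split both PDUs */
    for (int i = 0; i < 3; i++)
        feed_segment(&s, SAMPLE + cut[i], cut[i + 1] - cut[i], record_pdu, &r);
    return r.count == 2 ? 0 : 1;
}
```

A length function that returns a constant such as 2000 gives this loop nothing to frame on: the callback would simply receive consecutive 2000-byte slices of the stream, whatever the real message boundaries are.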