Wireshark mailing list archives
Re: TCP reassembling
From: Andriy Beregovenko <jet () jet kiev ua>
Date: Fri, 9 Dec 2011 10:52:09 +0200
Hi fab12, On Fri, Dec 09, 2011 at 08:25:12AM +0100, fab12 () freesurf fr wrote:
Hello, I am having problem using the tcp_dissect_pdus and hope someone can help me here. The documentation seems pretty clear to me and I think I am doing what I am suppose to do: tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 20, get_foo_message_len, dissect_foo_packet); static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset) { guint length; unsigned char lengthBytes[4]; tvb_memcpy(tvb, lengthBytes, offset+MPI_LENGTH_INDEX, MPI_LENGTH_SIZE/8); length = lengthBytes[0] + (lengthBytes[1]<<8) + (lengthBytes[2]<<16) + (lengthBytes[3]<<24) + MPI_HEADER_SIZE; return length; }
Try to use tvb_get_ntohl or tvb_get_htonl. AFAIA you wanna read some kind of integer from raw data, am I right ?
Unfortunaty when I open a capture file it is not working properly. When I attach to wireshark with a debugger I can see that the behavior is not the one I expect: 1. The debugger stop to a first frame which contains the beginning of a large message. I can see that my get_foo_message_len is called and returns the length of the complete message. 2. Then wireshark the process the next frame which contains the remaining of the message. I can see it calls get_foo_message_len. Is this normal? I don't think so and if it is what am I suppose to do since I can't retrieve the size of the message the second time. Best regards, Fabien PS: Sorry if this is a duplicate. I tried to send the question already yesterday but I can't see it in my outbox so I guess I misclicked... ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
-- Best regards, Andriy 0xBDDBDAE3
Attachment:
signature.asc
Description: Digital signature
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- TCP reassembling fab12 (Dec 08)
- Re: TCP reassembling Andriy Beregovenko (Dec 09)
- Re: TCP reassembling fab12 (Dec 09)
- Re: TCP reassembling fab12 (Dec 09)
- Re: TCP reassembling fab12 (Dec 09)
- Re: TCP reassembling Andriy Beregovenko (Dec 09)