Re: wanted to find frame size

[Hardik Patel <hardik.party () gmail com>]

Hi,

Thank you very much for your response.

I have my packet header length of 11 byte.

i used tcp_dissect_pdus() but not working as expected for me.

static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
offset)
{
    /* TODO: change this to your needs */
    guint pdu_length;
    offset = 0;
    pdu_length = RTD_PKT_HEADER_T_SIZE    + tvb_get_letohs(tvb, 6 +
offset); // header is 11 bytes + offset frm whre i get length
    return pdu_length;
    //return (guint)tvb_get_ntohl(tvb, offset+6); /* e.g. length is at
offset 4 */
}

static void dissect_rts(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, RTD_PKT_HEADER_T_SIZE,
                         get_foo_message_len, dissect_rts_message);
}



Regardless this function, as i have send snapshot, we can see that tvb
buffer contains frames and i wanted to know size of each.

Just for checking purpose i have hard code below line to skip first 708 frame
and after that my dissectors work fine.


    if (pinfo->fd->num==710)
        offset += 7;

and able to decode my packet header which contain further details to d
issect.


Regards,
Hardik Patel


On Thu, Jul 25, 2013 at 4:23 PM, <mmann78 () netscape net> wrote:

>  Shouldn't tcp_dissect_pdus() being doing the work for you?  You need to
> specify "minimum length" (which could be the size of your header, but
> usually it's just up to the "size" field in your header, wherever that may
> be), and after that the "length" function passed in should tell it how big
> your packet is.
>
> Or is the issue that you don't know the size of your packet, so you can't
> use tcp_dissect_pdus?
>
>  -----Original Message-----
> From: Hardik Patel <hardik.party () gmail com>
> To: wireshark-dev <wireshark-dev () wireshark org>
> Sent: Thu, Jul 25, 2013 9:46 am
> Subject: [Wireshark-dev] wanted to find frame size
>
>   Hello,
>
>  I have created dissector which is failing if TCP reassemble two packet.
>
>  Below is an example :
> [image: Inline image 1]
>
>
>  In this case TCP have reassembled two frame 708 and 710.
>  708 have 7 byte of data which is not my packet header. my packet header
> start from 0 byte of 710
> frame so i need to find method due to which i know if frame is of
> sufficient length or not.
>
>  If i can find length then simple i can put offset of 7 byte so i can
> start with my header and dissect it.
>
>
>  Regards,
> Hardik Patel
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe <wireshark-dev-request () wireshark 
> org?subject=unsubscribe>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe