Wireshark mailing list archives
Re: Multiple-line parsing of packets dissected over HTTP
From: Joey Salazar via Wireshark-dev <wireshark-dev () wireshark org>
Date: Tue, 19 Jan 2021 22:09:41 +0000
Hi Pascal,

On Tuesday, January 19, 2021 11:19 AM, Pascal Quantin wrote:

> Hi Joey,
>
> On Tue, Jan 19, 2021 at 17:45, Joey Salazar via Wireshark-dev <wireshark-dev () wireshark org> wrote:
>
>> Hi all,
>>
>> In commit 33af2649 [1] we can keep dissecting the contents of the req, adv, and res packets by setting `while (plen > 0) { }` either in `dissect_git_pdu()` or in `dissect_one_pkt_line()`, but for now in `dissect_git_pdu()` it'd be a bit messy, so wanted to ask for your feedback for getting `dissect_one_pkt_line()` to work properly first.
>>
>> As you can see in pcap 169 [2], it correctly parses the length of the first line as 0x0014 (20 bytes) until `0x0a`, then it's supposed to get the length of the next line by the first 4 hex bytes in that line, but instead of reading the length as 0x0018 (24 bytes) it's reading it as 0x0010 (16 bytes), and anyways, this particular line's length actually is 59 bytes.
>>
>> Suggestions on how to approach this?
>
> So what is the code leading to this dissection? It does not seem to be https://gitlab.com/joeysal/wireshark/-/commit/33af2649927cb5660d4aeb64b9a9e9a58a1823aa as `dissect_one_pkt_line()` seems to read only one line

Yes, the code on that commit is what gives the parsing of the screenshot.

> (BTW using a while loop in this commit is useless as you are incrementing offset by plen, and the code you shared considers that plen includes the 4 bytes of the packet length field while your screenshot does not assume that).

The first line does, please see this other screenshot [1].

Thank you,
Joey

[1] imgur.com/a/k8ueWfR
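The point debated in this message is whether the 4-hex-digit length counts its own four bytes; in Git's pkt-line format it does, so a loop can advance the offset by `plen` once the length has been checked against the bytes remaining. A standalone C illustration of that loop, added here as an example (it is not the code from commit 33af2649 and does not use Wireshark's tvbuff API); `pkt_len`, `walk_pkt_lines` and the sample buffer are constructed for this example:

```c
#include <stdio.h>

/* Constructed sample, not the capture from the thread: data, data, delim, data, flush. */
static const char sample[] =
    "0014command=ls-refs\n" "0017object-format=sha1\n" "0001" "0009peel\n" "0000";

/* Decode the 4 ASCII hex digits of the length field; -1 if not hex. */
static int pkt_len(const unsigned char *p)
{
    int v = 0;
    for (int i = 0; i < 4; i++) {
        int c = p[i], d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else return -1;
        v = (v << 4) | d;
    }
    return v;
}

/* Walk every pkt-line in buf. Returns the number of data lines, or -1 on a
 * malformed or truncated line; *end is where the last complete line ended. */
int walk_pkt_lines(const unsigned char *buf, size_t len, size_t *end)
{
    size_t off = 0;
    int lines = 0;
    for (*end = 0; len - off >= 4; *end = off) {
        int plen = pkt_len(buf + off);
        if (plen < 0 || plen == 3 || (size_t)plen > len - off)
            return -1;          /* not hex, undefined length, or runs past the data */
        printf("offset %zu: length field %04x\n", off, (unsigned)plen);
        if (plen < 4)
            plen = 4;           /* 0000 flush, 0001 delim, 0002 response-end: no payload */
        else
            lines++;            /* data line carrying plen - 4 payload bytes */
        off += (size_t)plen;    /* plen already counts the 4 length digits */
    }
    return off == len ? lines : -1;
}

int main(void)
{
    size_t end;
    int n = walk_pkt_lines((const unsigned char *)sample, sizeof sample - 1, &end);
    printf("%d data lines, %zu bytes consumed\n", n, end);
    return n < 0;
}
```
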