I think this is a stupid question, but anyway: Why don't you get the length of your packet directly in the dissect_sle function?
Why not do something like this:

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #define LENGTH_LECT 10000
    ...
    static int dissect_sle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    {
        char buffer[3] = "";
        int i = 0, length = 0;
        int tvb_len = (int) tvb_length(tvb);
        char *data = NULL;

        /* two hex digits per octet, plus the terminating NUL */
        data = malloc(2 * tvb_len + 1);
        if (data == NULL)
            return 0;
        data[0] = '\0';

        /* so we put all the hexadecimal data in a string */
        for (i = 0; i < tvb_len; i++)
        {
            sprintf(buffer, "%02x", tvb_get_guint8(tvb, i));
            strcat(data, buffer);
        }

        /* length is a number of octets
         * we compare all the octets to see if we have the terminating octet;
         * stop at the end of the buffer if it is not there */
        while (length < tvb_len &&
               (data[2*length] != ... || data[2*length+1] != ...))
        {
            length++;
        }
        tcp_dissect_pdus(tvb, pinfo, tree, ... length);
        free(data);
        return tvb_len;
    }

Or we can count the number of end characters and call tcp_dissect_pdus each time.
Well, in fact this works if the end character is forbidden in the data, or if we can only find it at the end of a structure. In the second case, it is a little bit more complex, but you can create a new tree each time in the dissect_sle_message() function.

I must have said something stupid, but it seems to me that it can work!

Regards
Aurelien

wsgd wrote:
> Look at <wireshark sources>/doc/README.developer.
> 2.7 Reassembly/desegmentation for protocols running atop TCP.
> 2.7.2 Modifying the pinfo struct.
>
> Olivier
>
> Guy Harris wrote:
>> On Aug 17, 2009, at 11:22 AM, Aurélien Decagny wrote:
>>
>>> When you use tcp_dissect_pdus, an argument is the length of the data
>>> to be decoded.
>>
>> Unfortunately, in her case, the length can't be determined except by
>> scanning the packet for a terminating character:
>>
>>> On Aug 14, 2009, at 1:56 PM, Susan Ditmore wrote:
>>>
>>>> I am developing a packet dissector plugin for Wireshark. The packets
>>>> I am dissecting do not specify their length in their header, but
>>>> they are terminated by a special character (and can be a variable
>>>> length). Additionally, multiple complete packets of the protocol may
>>>> arrive in one tcp segment. I would like to know how to tell
>>>> wireshark to divide up these packets. I understand there is a
>>>> command called tcp_dissect_pdus(), but I believe it needs the length
>>>> specified in the header. Is this correct?
>>
>> so she can't use tcp_dissect_pdus().
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
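
Added example, not part of the thread and not Wireshark code: a bounds-checked scan that splits one TCP payload into terminator-delimited PDUs and reports where an incomplete tail begins, which is the offset a dissector following README.developer section 2.7.2 would hand back through pinfo. The terminator value 0x0A, the function name and the struct are assumptions made for illustration; the thread never names the terminating octet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLE_TERMINATOR 0x0A /* assumed value, not given in the thread */

/* One complete PDU inside the payload: [offset, offset + len), terminator included. */
struct pdu_span { size_t offset; size_t len; };

/*
 * Record every complete PDU in buf[0..len). Returns how many were stored in
 * out[] (at most max_out). *tail_offset receives the offset of the first byte
 * that was not consumed: equal to len when the payload ends on a PDU boundary,
 * smaller when a partial PDU (or more PDUs than out[] can hold) remains.
 * In a Wireshark dissector a partial tail is where pinfo->desegment_offset is
 * set, with pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT.
 */
size_t split_terminated_pdus(const uint8_t *buf, size_t len,
                             struct pdu_span *out, size_t max_out,
                             size_t *tail_offset)
{
    size_t count = 0, start = 0;

    while (start < len && count < max_out) {
        /* memchr never reads past len - start bytes, so untrusted input cannot overrun */
        const uint8_t *end = memchr(buf + start, SLE_TERMINATOR, len - start);
        if (end == NULL)
            break; /* no terminator yet: the rest needs more TCP data */
        out[count].offset = start;
        out[count].len = (size_t)(end - (buf + start)) + 1;
        start += out[count].len;
        count++;
    }
    *tail_offset = start;
    return count;
}

int main(void)
{
    /* Constructed payload: two complete PDUs followed by a partial one. */
    const uint8_t seg[] = { 'A', 'B', 0x0A, 'C', 'D', 'E', 0x0A, 'F', 'G' };
    struct pdu_span spans[4];
    size_t tail = 0;
    size_t n = split_terminated_pdus(seg, sizeof seg, spans, 4, &tail);

    for (size_t i = 0; i < n; i++)
        printf("PDU %zu: offset=%zu len=%zu\n", i, spans[i].offset, spans[i].len);
    printf("unconsumed tail starts at %zu of %zu\n", tail, sizeof seg);
    return 0;
}
```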