Thanks, Jaap.

Now that tvb_length() and tvb_reported_length() are different, could you please 
tell me which one I need to use?
As shown in the following picture:
|-----------------------------------------------------
|                                        |
| ... | ... | total length| ...    |    IP header
|--------------------------------|--------------------
|                                        |
|         ................               |   IP Pay Load
|                                        |
|  ...........      | byte to read||
|--------------------------------|--------------------

The situation is: I need to read the last byte of the packet. The last byte 
contains a length value, say 10 bytes, and then I need to move 
back 10 bytes from the end of the last byte, and that is the location where my 
dissector starts to work.

What I thought is: get the IP_total_length first, and then get to the 
"byte to read" location. Is that correct? Or are there any other ways to do it? I 
still don't know how to do it yet.

Is there any doc or sample code I can refer to?

Thanks a lot, I do appreciate your help

John




> Date: Fri, 24 Jun 2011 09:33:15 +0200
> From: jaap.keu...@xs4all.nl
> To: wireshark-dev@wireshark.org
> Subject: Re: [Wireshark-dev] how to extract "IP.len" (IP_total length) to my 
> local variable in my dissector?
> 
> On 06/24/2011 09:13 AM, John x wrote:
> > Hi, folks,
> > 
> > I am developing a dissector, my tasks are:
> > 
> > 1. to get the “ip.len” (the total length in IP header),
> > 2. using the ip.len to know how long the packet would be and extract the last
> > byte to my local variable.
> > 
> > *Could you guys please tell me how to get the IP’s total length from IP header?*
> > *How to extract the last byte of my packet?*
> > 
> > Any suggestions or advice would be appreciated.
> > 
> > Thanks for your help
> > John
> > 
> 
> So your dissector sits on top of the IP dissector. It gets a TVB (Testy,
> Virtual Buffer) with the IP packet data. Then you can use all the wonderful
> functions in epan/tvbuff.h to get access to that (meta-)data.
> Like tvb_length() and tvb_reported_length().
> 
> Two things: Never go into the TVB data directly, always find the proper access
> function. Be aware that captured packets can be cut short, so the length you
> have (tvb_length) might be smaller than the original (tvb_reported_length).
> 
> Thanks,
> Jaap
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
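
The trailer lookup John describes, combined with the truncation caveat from Jaap's reply, as an added example that is not part of the thread and is not Wireshark code. It is a stand-alone C model rather than a dissector: `trailer_start()`, the status constants and the sample bytes are hypothetical, and the two length parameters stand in for what tvb_length() and tvb_reported_length() return. It assumes the length byte counts itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TRAILER_TRUNCATED  (-1L)  /* last byte of the packet was not captured */
#define TRAILER_BAD_LENGTH (-2L)  /* length byte is 0 or exceeds the packet */

/*
 * data/captured_len: bytes present in the capture (what tvb_length() counts).
 * reported_len: size of the packet on the wire (tvb_reported_length()).
 * Returns the offset where the trailer starts, or a negative status.
 * Assumption: the length byte counts itself, so 0 is never valid.
 */
long trailer_start(const uint8_t *data, size_t captured_len, size_t reported_len)
{
    if (reported_len == 0)
        return TRAILER_BAD_LENGTH;
    /* The real last byte sits at reported_len - 1. With a short snaplen it
     * is not in the buffer, and the last captured byte is NOT the length. */
    if (captured_len < reported_len)
        return TRAILER_TRUNCATED;
    size_t n = data[reported_len - 1];
    /* The length byte comes from the network: never step back past offset 0. */
    if (n == 0 || n > reported_len)
        return TRAILER_BAD_LENGTH;
    return (long)(reported_len - n);
}

/* Constructed sample: 12 payload bytes, then a 4-byte trailer ending in 0x04. */
static const uint8_t sample[16] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0xaa, 0xbb, 0xcc, 0x04
};
/* Constructed sample: 4-byte packet whose last byte claims 200 bytes. */
static const uint8_t bogus[4] = { 0x01, 0x02, 0x03, 0xc8 };

int main(void)
{
    printf("full capture:  %ld\n", trailer_start(sample, 16, 16));
    printf("snaplen 10:    %ld\n", trailer_start(sample, 10, 16));
    printf("oversized len: %ld\n", trailer_start(bogus, 4, 4));
    return 0;
}
```

In a real dissector the byte read would go through a tvbuff accessor instead of indexing `data` directly, as Jaap's reply advises.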
                                          