Re: [Wireshark-dev] TCP reassembling

Fri, 09 Dec 2011 00:54:51 -0800 

Hi fab12,

On Fri, Dec 09, 2011 at 08:25:12AM +0100, fa...@freesurf.fr wrote:
> Hello,
> 
> I am having problem using the tcp_dissect_pdus and hope someone can help
> me here.
> 
> The documentation seems pretty clear to me and I think I am doing what I
> am suppose to do:
> 
>       tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 20,
>                     get_foo_message_len, dissect_foo_packet);
> 
> 
> static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
> offset)
> {
>       guint length;
>       unsigned char lengthBytes[4];
> 
>       tvb_memcpy(tvb, lengthBytes, offset+MPI_LENGTH_INDEX, 
> MPI_LENGTH_SIZE/8);
>       length = lengthBytes[0] + (lengthBytes[1]<<8) + (lengthBytes[2]<<16) +
> (lengthBytes[3]<<24) + MPI_HEADER_SIZE;
> 
>     return length;
> }

Try to use tvb_get_ntohl or tvb_get_htonl. AFAIA you wanna read some kind of
integer from raw data, am I right ?
 
> Unfortunaty when I open a capture file it is not working properly.
> When I attach to wireshark with a debugger I can see that the behavior is
> not the one I expect:
> 
> 1. The debugger stop to a first frame which contains the beginning of a
> large message.
> I can see that my get_foo_message_len is called and returns the length of
> the complete message.
> 2. Then wireshark the process the next frame which contains the remaining
> of the message. I can see it calls get_foo_message_len. Is this normal?
> I don't think so and if it is what am I suppose to do since I can't
> retrieve the size of the message the second time.
> 
> Best regards,
> Fabien
> 
> PS: Sorry if this is a duplicate. I tried to send the question already
> yesterday but I can't see it in my outbox so I guess I misclicked...
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

-- 
Best regards,
Andriy
0xBDDBDAE3

Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to