Wireshark-dev: Re: [Wireshark-dev] how to extract "IP.len" (IP_total length) to my local variab

Date: Sat, 25 Jun 2011 02:47:49 +0800
thanks Jaap.

Now that tvb_length() and tvb_reported_length() are different. Could you please tell me which one I need to use?
As shown in the following picture,
|-----------------------------------------------------
|                                        |
| ... | ... | total length| ...    |    IP header
|--------------------------------|--------------------
|                                        |
|         ................               |   IP Pay Load
|                                        |
|  ...........      | byte to read||
|--------------------------------|--------------------

The situation is: I need to read the last byte of the packet, the last byte containing a length value, we can say such as 10 bytes, and then I need to move back 10 bytes from the end of last byte, and here is my dissector start to work location.

 What I thought is: to get the IP_total_length first, and then to get to the "byte to read" location. --- Is that correct? or any other ways to do it? I still don't know how to do it yet.

Is there any doc or sample code I can refer to?

Thanks a lot, I do appreciate your help

John




> Date: Fri, 24 Jun 2011 09:33:15 +0200
> From: jaap.keuter@xxxxxxxxx
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: Re: [Wireshark-dev] how to extract "IP.len" (IP_total length) to my local variable in my dissector?
>
> On 06/24/2011 09:13 AM, John x wrote:
> > Hi, folks,
> >
> > I am developing a dissector, my tasks are:
> >
> > 1. to get the 锟斤拷ip.len锟斤拷 (the total length in IP header),
> > 2. using the ip.len to know how long the packet would be and extract the last
> > byte to my local variable.
> >
> > *Could you guys please tell me how to get the IP锟斤拷s total length from IP header? *
> > *How to extract the last byte of my packet? *
> >
> > Any suggestions or advices would be appreciated.
> >
> > Thanks for your help
> > John
> >
>
> So your dissector sits on top of the IP dissector. It gets a TVB (Testy, Virtual
> Buffer) with the IP packet data. Then you can use all the wonderful functions in
> epan/tvbuff.h to get access to that (meta-)data.
> Like tvb_length() and tvb_reported_length().
>
> Two things: Never go into the TVB data directly, always find the proper access
> function. Be aware that captured packets can be cut short, so the length you
> have (tvb_length) might be smaller than the original (tvb_reported_length).
>
> Thanks,
> Jaap
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe