Wireshark-dev: Re: [Wireshark-dev] TCP reassembling

Date: Fri, 9 Dec 2011 11:04:46 +0100
Hi

I tried this

static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
offset)
{
	guint length;

	length = tvb_get_letohl(tvb,offset+MPI_LENGTH_INDEX) + MPI_HEADER_SIZE;

    return length ;
}

But I get exactly the same result.
The length returned is the same as before and seems correct to me...

Thx
Fabien


> Hi fab12,
>
> On Fri, Dec 09, 2011 at 08:25:12AM +0100, fab12@xxxxxxxxxxx wrote:
>> Hello,
>>
>> I am having problem using the tcp_dissect_pdus and hope someone can help
>> me here.
>>
>> The documentation seems pretty clear to me and I think I am doing what I
>> am suppose to do:
>>
>> 	tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 20,
>>                     get_foo_message_len, dissect_foo_packet);
>>
>>
>> static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
>> offset)
>> {
>> 	guint length;
>> 	unsigned char lengthBytes[4];
>>
>> 	tvb_memcpy(tvb, lengthBytes, offset+MPI_LENGTH_INDEX,
>> MPI_LENGTH_SIZE/8);
>> 	length = lengthBytes[0] + (lengthBytes[1]<<8) + (lengthBytes[2]<<16) +
>> (lengthBytes[3]<<24) + MPI_HEADER_SIZE;
>>
>>     return length;
>> }
>
> Try to use tvb_get_ntohl or tvb_get_htonl. AFAIA you wanna read some kind
> of
> integer from raw data, am I right ?
>
>> Unfortunaty when I open a capture file it is not working properly.
>> When I attach to wireshark with a debugger I can see that the behavior
>> is
>> not the one I expect:
>>
>> 1. The debugger stop to a first frame which contains the beginning of a
>> large message.
>> I can see that my get_foo_message_len is called and returns the length
>> of
>> the complete message.
>> 2. Then wireshark the process the next frame which contains the
>> remaining
>> of the message. I can see it calls get_foo_message_len. Is this normal?
>> I don't think so and if it is what am I suppose to do since I can't
>> retrieve the size of the message the second time.
>>
>> Best regards,
>> Fabien
>>
>> PS: Sorry if this is a duplicate. I tried to send the question already
>> yesterday but I can't see it in my outbox so I guess I misclicked...
>>
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> --
> Best regards,
> Andriy
> 0xBDDBDAE3
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe