Wireshark-dev: Re: [Wireshark-dev] TCP reassembling

Date: Fri, 9 Dec 2011 16:48:03 +0100
I eventually figured it out.

I was calling the tcp_dissect_pdus like this

	if (tree) /* we are being asked for details */
	{
			tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 20,
                     get_foo_message_len, dissect_foo_message);
	}

When I remove the if tree it is working. So I moved the if tree test to
the dissect_foo_message.

Br
Fabien


> Hi
>
> I tried this
>
> static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
> offset)
> {
> 	guint length;
>
> 	length = tvb_get_letohl(tvb,offset+MPI_LENGTH_INDEX) + MPI_HEADER_SIZE;
>
>     return length ;
> }
>
> But I get exactly the same result.
> The length returned is the same as before and seems correct to me...
>
> Thx
> Fabien
>
>
>> Hi fab12,
>>
>> On Fri, Dec 09, 2011 at 08:25:12AM +0100, fab12@xxxxxxxxxxx wrote:
>>> Hello,
>>>
>>> I am having problem using the tcp_dissect_pdus and hope someone can
>>> help
>>> me here.
>>>
>>> The documentation seems pretty clear to me and I think I am doing what
>>> I
>>> am suppose to do:
>>>
>>> 	tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 20,
>>>                     get_foo_message_len, dissect_foo_packet);
>>>
>>>
>>> static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
>>> offset)
>>> {
>>> 	guint length;
>>> 	unsigned char lengthBytes[4];
>>>
>>> 	tvb_memcpy(tvb, lengthBytes, offset+MPI_LENGTH_INDEX,
>>> MPI_LENGTH_SIZE/8);
>>> 	length = lengthBytes[0] + (lengthBytes[1]<<8) + (lengthBytes[2]<<16) +
>>> (lengthBytes[3]<<24) + MPI_HEADER_SIZE;
>>>
>>>     return length;
>>> }
>>
>> Try to use tvb_get_ntohl or tvb_get_htonl. AFAIA you wanna read some
>> kind
>> of
>> integer from raw data, am I right ?
>>
>>> Unfortunaty when I open a capture file it is not working properly.
>>> When I attach to wireshark with a debugger I can see that the behavior
>>> is
>>> not the one I expect:
>>>
>>> 1. The debugger stop to a first frame which contains the beginning of a
>>> large message.
>>> I can see that my get_foo_message_len is called and returns the length
>>> of
>>> the complete message.
>>> 2. Then wireshark the process the next frame which contains the
>>> remaining
>>> of the message. I can see it calls get_foo_message_len. Is this normal?
>>> I don't think so and if it is what am I suppose to do since I can't
>>> retrieve the size of the message the second time.
>>>
>>> Best regards,
>>> Fabien
>>>
>>> PS: Sorry if this is a duplicate. I tried to send the question already
>>> yesterday but I can't see it in my outbox so I guess I misclicked...
>>>
>>>
>>> ___________________________________________________________________________
>>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>> --
>> Best regards,
>> Andriy
>> 0xBDDBDAE3
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>