Hi Didier and Guys,
I finally figured it out! The only change I need to make is to change "offset +=
offset_thisRound;" to "offset = offset_thisRound". Actually I was using
offset_thisRound for debugging information, to show how many bytes we consume
each time. We can just remove the offset_thisRound variable, and instead do:
offset = dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
This will also work!
Thanks for fast replies from you guys. Wireshark rocks!
Zongjun
On 9/27/07, Zongjun <[EMAIL PROTECTED]> wrote:
>
> Hey Didier,
>
> I put "offset_thisRound =
> dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree); " after if(tree){...},
> and IT WORKS! I can have multiple different PDUs in one segment! Amazing!
>
> The only thing is now I get much more frequent cases of "malformed packet".
>
> I don't understand your point #3. You mean put it outside if(tree){...},
> or outside while (){...}
>
> Here is my current code:
> static void
> dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
> {
>     gint offset = 0; // always points to the front
>     gint available = 0; // how many bytes still available to consume
>     gint offset_thisRound = 0;
>     while((available = tvb_reported_length_remaining (tvb, offset)) > 0)
>     {
>         printf("available = %d\n", available);
>
>         /* make entry in the Protocol column on summary display */
>         if (check_col(pinfo->cinfo, COL_PROTOCOL))
>             col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
>
>         /* create the myproto protocol tree */
>         if (tree) {
>             myproto_item = proto_tree_add_item(tree, proto_myproto, tvb, offset, -1, FALSE);
>             myproto_tree = proto_item_add_subtree(myproto_item, ett_myproto);
>         }
>         offset_thisRound = dissect_MyProtoMessage_PDU(tvb, pinfo, myproto_tree);
>         offset += offset_thisRound;
>
>     } //while:
> }
>
>
>
> On 9/27/07, Didier <[EMAIL PROTECTED]> wrote:
>
> > *On Thu, 27 Sep 2007 13:13:17 -0700, Zongjun wrote*
> > > On 9/27/07, Zongjun <[EMAIL PROTECTED] > wrote:
> > >
> > > Hey Didier,
> > > >
> > > > You mean like
> >
> >
> > >
> > > gint offset_thisRound = 0; // of course, outside if(tree)block.
> > >
> > >
> > >
> > > if (tree) {
> > > > myproto_item = proto_tree_add_item(tree, proto_myproto,
> > > tvb, offset, -1, FALSE);
> > > > myproto_tree = proto_item_add_subtree(myproto_item,
> > > ett_myproto);
> > > > offset_thisRound =
> > > dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
> > > > }
> > > > offset += offset_thisRound;
> > > >
> > > > I tried but still the same result.
> > > No you have to:
> > > 1) compute offset_thisRound outside 'if (tree)' otherwise you'll get
> > > > an endless loop if tree is null, if you unset coloring and reload the
> > > file
> > > for example.
> > >
> > > 2) call dissect_MyProtoMessage_PDU with the new offset.
> > > while(...) {
> > > offset_thisRound = dissect_MyProtoMessage_PDU(tvb,pinfo,offset, tree);
> > >
> > > offset += offset_thisRound;
> > > }
> > >
> > > 3) IMO myproto_item = proto_tree_add_item(tree, proto_myproto, tvb,
> > > offset, -1, FALSE); should be outside the loop, inside it breaks the
> > > protocol hierarchy statistic.
> > >
> > > Thanks,
> > > Zongjun
> > > >
> > >
> > > >
> > > > On 9/27/07, Didier <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > > >
> > > > > Hi*
> > > > > On Thu, 27 Sep 2007 12:02:32 -0700, Zongjun wrote*
> > > > > > Hey guys,
> > > > > >
> > > > > > According to my capture, I don't have situations where ONE PDU
> > > > > spans over multiple TCP segments. Instead, mine is the other round:
> > > > Single
> > > > segment having multiple PDUs.
> > > > > >
> > > > > > > But using the following code, what I observed is Wireshark did put
> > > > multiple PDU info inside the Detail Window after TCP, however these
> > > > PDUs are
> > > > always the same. But in the bottom hexdump window, they are definitely
> > > > from
> > > > different PDU.
> > > > > >
> > > > > > I noticed there has been a similar issue before Wireshark-dev:
> > > > Re: [Wireshark-dev] Dissect multiple PDUs in one TCP
> > > > Segment.<http://www.wireshark.org/lists/wireshark-dev/200705/msg00294.html>
> > > > > > But again, it is not for single segment having multiple PDU.
> > > > > >
> > > > > > Anyone see the same issue?
> > > > > >
> > > > > > Thanks,
> > > > > > Zongjun
> > > > > >
> > > > > > static void
> > > > > > dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree
> > > > *tree)
> > > > > > {
> > > > > > gint offset = 0; // always points to the front
> > > > > > gint available = 0; // how many bytes still available to consume
> > > >
> > > > > >
> > > > > > while((available = tvb_reported_length_remaining(tvb, offset)) >
> > > > 0)
> > > > > > {
> > > > > > printf("available = %d\n", available);
> > > > > >
> > > >
> > > >
> > > > > > /* make entry in the Protocol column on summary display */
> > > >
> > > > > > if (check_col(pinfo->cinfo, COL_PROTOCOL))
> > > > > > col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
> > > > > >
> > > >
> > > >
> > > > > > /* create the myproto protocol tree */
> > > > > > if (tree) {
> > > > >
> > > > > > myproto_item = proto_tree_add_item(tree, proto_myproto,
> > > > tvb, offset, -1, FALSE);
> > > > > >
> > > >
> > > >
> > > > > > myproto_tree = proto_item_add_subtree(myproto_item,
> > > > ett_myproto);
> > > > > >
> > > > > > offset +=
> > > > dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
> > > > > offset computation should always be outside if (tree) block .
> > > > > >
> > > >
> > > >
> > > > > > }
> > > > > > printf("offset = %d\n", offset);
> > > > > >
> > > >
> > > >
> > > > > > if(tvb_reported_length_remaining(tvb, offset) > 0)
> > > > > > {
> > > > > > printf("haha, we get a multiple PDU. \n");
> > > > > > }
> > > > > > } //while:
> > > > > > }
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Wireshark-dev mailing list
> > > > > [email protected]
> > > > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > > > >
> > > > >
> > >
> > >
> > > >
> > >
> > > > --
> > > > Thanks,
> > > > Zongjun
> > >
> >
> > >
> >
> > > --
> > > Thanks,
> > > Zongjun
> >
> >
> >
> >
> >
>
>
> --
> Thanks,
> Zongjun
--
Thanks,
Zongjun
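
The loop discussed in this thread, as an added example that is not part of the original messages or of Wireshark's code: a self-contained C model of one segment carrying several PDUs, using a constructed length-prefixed framing and hypothetical function names. It contrasts advancing the offset only inside `if (tree)` with advancing it unconditionally, and goes slightly beyond the thread by also stopping when a PDU consumes zero bytes.

```c
#include <stdio.h>
/* Constructed toy framing (an assumption, not the poster's protocol):
 * each PDU is [1-byte payload length][1-byte type][payload]. */
#define MAX_ROUNDS 64 /* cap so the buggy loop terminates in this demo */
static const unsigned char SAMPLE[] = {2, 0xA1, 'h', 'i', 0, 0xB2, 1, 0xC3, 'x'};
static const unsigned char TRUNC[]  = {2, 0xA1, 'h', 'i', 5, 0xB2, 'x'};

/* Hypothetical per-PDU dissector: bytes consumed, or 0 if truncated. */
static int dissect_one_pdu(const unsigned char *buf, int len, int offset, int *type)
{
    if (len - offset < 2) return 0;
    int plen = buf[offset];
    if (len - offset < 2 + plen) return 0;
    *type = buf[offset + 1];
    return 2 + plen;
}

/* Loop shape from the first post: offset only moves inside if (tree). */
static int rounds_buggy(const unsigned char *buf, int len, int tree)
{
    int offset = 0, rounds = 0, type;
    while (len - offset > 0 && rounds < MAX_ROUNDS) {
        if (tree)
            offset += dissect_one_pdu(buf, len, offset, &type);
        rounds++;
    }
    return rounds; /* MAX_ROUNDS means the real loop would never end */
}

/* Corrected loop: always advance, and stop when nothing was consumed. */
static int dissect_segment(const unsigned char *buf, int len, int tree, int *types, int max, int *malformed)
{
    int offset = 0, n = 0, type;
    *malformed = 0;
    while (len - offset > 0 && n < max) {
        int used = dissect_one_pdu(buf, len, offset, &type);
        if (used <= 0) { *malformed = 1; break; }
        if (tree) printf("PDU type 0x%02X at offset %d\n", type, offset);
        types[n++] = type; /* display is optional, progress is not */
        offset += used;
    }
    return n;
}
int main(void)
{
    int types[8], bad, n = dissect_segment(TRUNC, sizeof TRUNC, 1, types, 8, &bad);
    printf("fixed: %d PDUs, malformed=%d; buggy without tree: %d rounds\n", n, bad, rounds_buggy(SAMPLE, sizeof SAMPLE, 0));
    return 0;
}
```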