I have a dissector that uses tcp_dissect_pdus that does not seem to be
doing the job. Please help.
I have a dump that contains 4 TCP packets that are all related to the
same message (a total of 4428 bytes).
The first 3 packets are a length of 1460 bytes and the last 48 bytes =>
1460 * 3 + 48 = 4428
When dissection takes place, the desegmentation does not seem to
properly occur.
Under the TCP portion of the dissection it properly says:
[PDU Size: 4428]
But the data available for dissection is only the size of the first
packet (1460)
What I am doing wrong? Thanks for any help.
Below are excerpts from my dissector:
#define FRAME_HEADER_LEN 4
static void
dissect_myproto_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree
*tree)
{
/* Check that there's enough data */
total_len = tvb_length(tvb);
printf("Total_len = %u\n", total_len); // THIS prints 1460
.
// Dissect my data
.
}
static guint
get_myproto_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
guint length = 0;
// myproto message (length is 2 bytes starting at offset 0 * 4)
length = (guint) ( tvb_get_ntohs( tvb, offset ) * 4 ); // Get the
length
printf("TOTAL of mesage = %u\n", length); // This prints 4428
return length;
}
/* Code to actually dissect the packets */
static void
dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
get_myproto_message_len, dissect_myproto_message);
}
Confidentiality Notice: This e-mail (including any attachments) is intended
only for the recipients named above. It may contain confidential or privileged
information and should not be read, copied or otherwise used by any other
person. If you are not a named recipient, please notify the sender of that fact
and delete the e-mail from your system.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
