Re: [Wireshark-dev] starting the actual packet counting using wireshark functions

Thu, 28 Jan 2010 11:31:00 -0800 

On Jan 28, 2010, at 11:12 AM, Brian Oleksa wrote:

> Basically... I am having a hard time converting my code below to use the 
> built in calls to make sure there is no buffer overrun

The builtin calls *themselves* do the buffer checks - if you pass an 
out-of-range offset to, for example, a tvb_get_ call, it will throw an 
exception, and dissection of the packet will stop.  proto_tree_add_item() uses 
tvb_get_ calls to fetch data, so they will also cause an exception to be thrown 
if the offset is out of range.

> and to make sure 
> that I am on the correct packet I am trying to dissect.
> 
> I have a header of size 18 that I want to skip..

No, you have a header of size 18 that you want to *dissect*, with a 2-byte 
magic field, an 8-byte checksum field (which, as per "CRC Questions", is 
probably 4 bytes of 0 and 4 bytes of CRC32, thanks to Java's lack of unsigned 
data types), and an 8-byte transmission time.  Don't just skip it, put the 
header fields into the dissection along with the rest of the packet.

> then the next packet I am dissecting.

What you're presumably dissecting are part of the *same* packet.  The Helen 
packet format:

        
https://www.darkcornersoftware.com/confluence/display/open/Packet+Structure

indicates that a packet has the 18-byte header followed by a series of 
extensions; those are all part of the same packet.

The page at

        https://www.darkcornersoftware.com/confluence/display/open/Helen+Manual

says this runs over UDP, so there's one Helen packet for each UDP packet.  Your 
dissector will be called by the UDP dissector for each UDP packet, so it is 
handed a tvbuff containing one and only one Helen packet, so you don't have to 
worry about whether you're on the correct packet - you will, by definition, be 
on the *only* packet within a given UDP packet.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

Reply via email to