ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: [Ethereal-dev] dissector being called with same packets twice?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Michael Shuldman <michaels@xxxxxxx>
Date: Fri, 1 Aug 2003 16:20:24 +0200
Hello, !'m having a problem with what appears to be the dissector
being called with the same packets twice (it's reading a
previously saved capturefile).  Here's an excerpt from the debugger,
starting with the first entry into the dissector function registered
with create_dissector_handle():

Breakpoint 31, dissect_x11 (tvb=0x4de8b4, pinfo=0x4c8e08, tree=0x4dc818)
    at packet-x11.c:4271
4271          if (check_col(pinfo->cinfo, COL_PROTOCOL))
(gdb) p pinfo->fd->num
$161 = 4
(gdb) p *tvb
$162 = {type = TVBUFF_SUBSET, initialized = 1, usage_count = 1, 
  ds_tvb = 0x4de818, used_in = 0x0, tvbuffs = {subset = {tvb = 0x4de880, 
      offset = 20, length = 12}, composite = {tvbs = 0x4de880, 
      start_offsets = 0x14, end_offsets = 0xc}}, real_data = 0x4db036 "B", 
  length = 12, reported_length = 12, raw_offset = -1, free_cb = 0}

And then again on the next entry into the same routine:

Breakpoint 31, dissect_x11 (tvb=0x4de9b8, pinfo=0x4c8f08, tree=0x4dcdf4)
    at packet-x11.c:4271
4271          if (check_col(pinfo->cinfo, COL_PROTOCOL))
(gdb) p pinfo->fd->num
$163 = 4
(gdb) p *tvb
$164 = {type = TVBUFF_SUBSET, initialized = 1, usage_count = 1, 
  ds_tvb = 0x4de91c, used_in = 0x0, tvbuffs = {subset = {tvb = 0x4de984, 
      offset = 20, length = 12}, composite = {tvbs = 0x4de984, 
      start_offsets = 0x14, end_offsets = 0xc}}, real_data = 0x4db036 "B", 
  length = 12, reported_length = 12, raw_offset = -1, free_cb = 0}


The same seems to be the case higher up, e.g. dissect_tcp().

In both calls on dissect_x11(), we end up having all the data we need
(i.e. no desgmenting required) and we dissect the packet, and after
the second dissection, the information about the packet ends up
getting printed out to the screen, but I don't understand why it
doesn't happen the first time.  Is there a function "we're done
with this data" I'm not calling?

The code path in my code is identical on both calls as the
data is the same (I'm working on modified sources but the same happens
in stock ethereal-0.9.7 dissect_x11()).

(Please Cc me on replies)
With kind regards,

-- 
  _ // 
  \X/ -- Michael Shuldman <michaels@xxxxxxx>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube