Wireshark-dev: Re: [Wireshark-dev] Data from previous protocol

From: "ali alkhalidi" <alikhalidilug@xxxxxxxxx>
Date: Sun, 11 Mar 2007 16:23:46 +0200
looks promising, but:

	GString *error_string;
	gchar *temp;
	/* opaque tap data; handed back to the reset/packet/draw callbacks */
	temp=(gchar *)g_malloc(10);
	sprintf(temp,"hello");
	/* returns NULL on success, or a GString describing the error */
	error_string=register_tap_listener("ip", temp, "ip.version == 4",myreset,mypacket,mydraw);
	
	if(error_string){
		fprintf(stderr, "Couldn't register ipsec %s\n",error_string->str);
		g_free(temp);
		g_string_free(error_string,TRUE);
		exit(1);
	}


drops runtime with:

Err  file syntax-tree.c: line 81 (sttype_lookup): assertion failed: (result != NULL)

any idea why?

thanks,

On 3/11/07, ali alkhalidi <alikhalidilug@xxxxxxxxx> wrote:
well, I'm trying to verify an AH packet. I've pretty much
structured the dissector but still I need the IP header information to
compile a buffer along with the rest of the payload to verification
module.

I'm reading the README.tapping file right now, but was hoping to do it
without touching the IP dissector

thanks

On 3/11/07, Richard van der Hoff <richardv@xxxxxxxxxxxxx> wrote:
> ali alkhalidi wrote:
> > the protocol I want data from is IP, and I'm interested in at least the
> > least 20 bytes (a normal non-fragmented IP datagram) of it, things
> > that cover the basic things like packet-id, payload length, etc.
>
> The raw data isn't available to subdissectors. That's just not the way
> Wireshark is designed to work - decoding the raw IP data should be done
> once, by the IP dissector.
>
> Much of the data in the header is actually available; the source and
> destination IP addresses are in pinfo->net_src and pinfo->net_dst; if
> you need more, you may need to think about modifying the IP dissector.
>
> Have you considered registering an IP tap (see README.tapping)?  Such
> taps are passed all the header information in an e_ip structure.
>
> Otherwise, I suggest you explain a bit more about what end result you
> are trying to achieve.
>
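
For the AH verification discussed in this thread, the IPv4 header goes into the integrity check with its mutable fields zeroed (RFC 4302), so the decoded header fields are enough to rebuild that part of the buffer. The C code below is an added example, not code from the thread or from Wireshark; `struct ipv4_fields`, `SAMPLE` and `ah_icv_ip_header` are hypothetical names, and the struct is an assumed stand-in for whatever decoded fields a tap supplies, not the real `e_ip` layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for decoded IPv4 header fields (host byte order).
 * An assumption for this example, not Wireshark's e_ip layout. */
struct ipv4_fields {
    uint8_t  ihl;          /* header length in 32-bit words; 5 = no options */
    uint8_t  tos;          /* mutable in transit */
    uint16_t total_len;
    uint16_t id;
    uint16_t frag_off;     /* flags + fragment offset; mutable in transit */
    uint8_t  ttl;          /* mutable in transit */
    uint8_t  proto;
    uint16_t checksum;     /* mutable in transit */
    uint8_t  src[4], dst[4];
};

/* Constructed sample: unfragmented AH (protocol 51) datagram with DF set. */
static const struct ipv4_fields SAMPLE = {
    5, 0x10, 84, 0x1c46, 0x4000, 64, 51, 0xb1e6, {192, 0, 2, 1}, {198, 51, 100, 7}
};

/* Write the IPv4 header as it enters the AH ICV computation (RFC 4302,
 * 3.3.3.1.1.1): immutable fields kept, mutable fields zeroed. Returns 20,
 * or 0 for input this example does not handle (IP options, fragments). */
size_t ah_icv_ip_header(const struct ipv4_fields *f, uint8_t *out, size_t len)
{
    if (len < 20 || f->ihl != 5 || (f->frag_off & 0x3fff) != 0)
        return 0;
    memset(out, 0, 20);               /* TOS, flags/offset, TTL, checksum = 0 */
    out[0] = 0x45;                    /* version 4, IHL 5 */
    out[2] = f->total_len >> 8;  out[3] = f->total_len & 0xff;
    out[4] = f->id >> 8;         out[5] = f->id & 0xff;
    out[9] = f->proto;
    memcpy(out + 12, f->src, 4);
    memcpy(out + 16, f->dst, 4);
    return 20;
}

int main(void)
{
    uint8_t buf[20];
    size_t n = ah_icv_ip_header(&SAMPLE, buf, sizeof buf);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", buf[i], i + 1 == n ? "\n" : " ");
    return n == 20 ? 0 : 1;
}
```

The AH header (with its ICV field zeroed) and the payload follow these 20 bytes in the buffer handed to the verification routine.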