Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Accessing SCTP data chunk length etc

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Tue, 22 Jul 2008 18:02:03 +0200
the information about the length of the transported pdu is passed via the tvb.

take a look at tvbuff.h


On Mon, Jul 21, 2008 at 3:20 PM, Gastermann, Bernd Christian
<bernd-christian.gastermann@xxxxxxxxxxx> wrote:
> Dear Wireshark team!
>
> I am currently writing a wireshark plugin which dissects custom data chunks
> from within a sctp message. Unfortunately, in order to work properly, it is
> necessary to know how long this specific sctp data chunk is. I've tried
> several things (for example writing another sctp plugin which overwrites the
> existing one) but nothing worked or solved the problem. The only solution
> was to modify wireshark's internal sctp dissector (packet-sctp) to write all
> the necessary information (in this case data chunk length without header
> length) into the private data of packetinfo (pinfo->private_data) so that my
> dissector can read it.
>
> I currently need the data chunk stream id and length from within these sctp
> packets for debugging. Now I have two questions:
> Firstly, do you know a better, easier solution for this problem without
> modifying wireshark itself?
> And secondly, if there is no better way, do you think it is possible to
> integrate such changes into wireshark's public source code so that we can
> access this information in future versions too (although it may not be very
> useful for others)?
>
> I attached a diff-file with all changes I made to 'packet-sctp.c' and
> 'packet-sctp.h'. I used revision 25778 from SVN.
>
> Any suggestions would be highly appreciated! :)
> Thanks in advance!
> Bernd Gastermann
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan