Wireshark · Wireshark-dev: Re: [Wireshark-dev] Familiar with gtk/sctp_graph

Wireshark-dev: Re: [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 26 Apr 2011 10:03:02 -0700

On Apr 26, 2011, at 1:12 AM, Michael Tüxen wrote:

> The fields in the packet are 4 byte aligned. But if the whole structure might not...
> So should we copy them?

...or fetch them with pntohl().

Where are the contents of the structure coming from?  If they're coming from the raw packet data - i.e., if the pointer in question is pointing into the raw packet data from the tvbuff handed to the SCTP dissector - then not only might the data not be aligned on a 4-byte boundary, it might not even contain all the data you're looking at if the packet was cut short by a snapshot length.

Follow-Ups:
- Re: [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?
  - From: Michael Tüxen

References:
- [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?
  - From: Stephen Fisher
- Re: [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?
  - From: Michael Tüxen
- Re: [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?
  - From: Guy Harris
- Re: [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?
  - From: Michael Tüxen

Prev by Date: Re: [Wireshark-dev] Hidden Proto Fields
Next by Date: [Wireshark-dev] how to remove/unregister a dissector?
Previous by thread: Re: [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?
Next by thread: Re: [Wireshark-dev] Familiar with gtk/sctp_graph_dlg.c?
Index(es):
- Date
- Thread