ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 4988] C array export and fragmented IP packets

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 8 Dec 2011 18:42:26 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4988

Chris Maynard <christopher.maynard@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #7545|                            |review_for_checkin?
               Flag|                            |

--- Comment #6 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2011-12-08 18:42:23 PST ---
Created an attachment (id=7545)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7545)
Enhance "File -> Export -> File -> as C Arrays (packet bytes) file"

This patch allows all data sources of a frame to be exported as a C array.  I
also changed the declaration from char to const unsigned char and explicitly
indicate the length of the array, e.g., for a 1514 byte packet:

char pkt1[] ->  const unsigned char pkt1[1514]

I considered declaring it as static, but left it out for now.  It can easily be
added though.

If pkt2 has multiple data sources, then subsequent sources will be enumerated. 
For example, if pkt1 is 1514 bytes, and pkt2 is 562 bytes, but also contains
2008 bytes of reassembled data from pkt1 and pkt2, then the declarations will
be:

const unsigned char pkt1[1514] = {...};
const unsigned char pkt2[562] = {...};

/* Reassembled IPv4 (2008 bytes) */
const unsigned char pkt2_1[2008] = {...};

It is up to the user to determine what the meaning of the data contained within
pkt2_1[] is - it could be reassembled data, decrypted data, etc., although the
comment I included above the array, which is the name of the data source,
should make it obvious.

Anyway, the output should now more closely mimic "File -> Export -> File -> as
Plain Text File ..."  The patch should be applied to the trunk.  Since this is
new functionality, it is unlikely to be backported to the 1.6 or 1.4 branches
and definitely not to the 1.2 branch, as that one has reached end-of-life. 
I'll let the patch sit for a bit before committing it, in case there are any
critiques or suggestions for further improvements.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube