Wireshark-dev: Re: [Wireshark-dev] TCP Dissect PDU's
From: "Steve Grinwis" <[email protected]>
Date: Fri, 25 Aug 2006 14:30:03 -0400
You da man!  Works perfectly now.

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Guy Harris
Sent: Friday, August 25, 2006 2:25 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] TCP Dissect PDU's

Steve Grinwis wrote:

> First of all I am using the TCP_dissect_pdu's function, and it works 
> great if there are multiple TCP packets in the same pdu.  However if
> goes the other way, and there are multiple PDU's in the same tcp
> the dissect_pdu's will pull the length out of the first pdu, and then 
> attempt to reapply that length over and over again in the same TCP 
> packet.  Hilarity (a.k.a chaos) ensues.  Am I using the function 
> incorrectly?

Probably.  It works fine in that case with other dissectors.

The length is fetched by calling back to the "get PDU length" routine; 
that routine is passed a pointer to a tvbuff *and* an offset in that 
tvbuff, and the offset is the offset within that tvbuff of the beginning

of the PDU.

If your "get PDU length" routine is fetching the length from the 
*beginning* of the tvbuff it's handed, it's incorrect.  It should fetch 
the length starting at the offset it's handed.

Wireshark-dev mailing list
[email protected]

This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.