Wireshark · Wireshark-dev: [Wireshark-dev] help with tcp_dissect_pdus

["Kwan Ng [LAVA]" <kwan.ng@xxxxxxxxxxxxxxx>]

 

I’m using tcp_dissect_pdus() to dissect a TCP protocol that doesn’t include a message length field.  The messages are terminated by “\r\n”.

 

The function to return the message length is as follows:

static guint get_myproto_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)

{

      int msg_len, term_offset;

 

      term_offset = tvb_find_guint8(tvb, offset, -1, '\r') +2;

      if (term_offset == -1)

            return 0;

 

      msg_len = term_offset - offset;

      return msg_len;

 

}

 

The problem is if the message stretched over 2 (or more) pdus, the function fails and I get “Malformed Packet:” in Wireshark.

 

How to I tell tcp_dissect_pdus() to read more data and try again?

 

Thanks.

 

Kwan Ng

Development Integration Specialist

 

P Please consider the environment before printing this email or any attachments therein.

 

The information contained in this message and any attachments (the "Message") is intended for specific individual(s), and may be confidential or proprietary. If you are not the intended recipient, please notify the sender immediately, delete this Message and do not disclose. Messages are not secure or error free and can contain viruses and the sender is not liable for any of these occurrences. The sender reserves the right to monitor, record and retain Messages.