Wireshark-dev: Re: [Wireshark-dev] Add the next Tvb packet to current tvb before dissecting

From: Clifford Sibanda <cclsibanda@xxxxxxxxx>
Date: Mon, 17 Aug 2009 06:59:53 -0700 (PDT)
Thank you Olivier & Stephen

I fixed my info problem and am now able to get my protocol dissected just the way I expect it to. I had a problem with my socket sending a ridiculous length, much more than the actual length, and thus dissection couldn't start till the full length is available, which in this case was impossible. Once fixed, I have my protocol dissected just fine.

I realise though that TCP keeps record of the 1st segment before the full packet is available with the "reassembled segment", but not much of a concern as I still get my protocol tree when the whole packet is available.

Definitely much easier than I thought.

Regards

Clifford


From: wsgd <wsgd@xxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Friday, August 14, 2009 9:08:10 PM
Subject: Re: [Wireshark-dev] Add the next Tvb packet to current tvb before dissecting

Clifford Sibanda wrote:
> Thanks Olivier
>
> Actually I discovered the errors on storage class were because I
> placed the tcp_dissect function within my main dissect function so I
> have since moved it and at the moment I'm able to compile it right
> through with no error. Now I just need to figure out how to get my
> columns info and my protocol tree to reappear because now all I get is
> my packet in the TCP protocol tree and column information indicating
> that it is a TCP reassembled packet.
It could be because tcp_dissect_pdus does not find the end of the PDU.
Check that get_l2i_message_len returns a good length of message.

>
> ------------------------------------------------------------------------
> *From:* wsgd <wsgd@xxxxxxx>
> *To:* Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> *Sent:* Thursday, August 13, 2009 8:20:07 PM
> *Subject:* Re: [Wireshark-dev] Add the next Tvb packet to current tvb
> before dissecting
>
>
> The warning is saying that the parameter 'pinfo' is NOT used inside the
> function.
> It is not important.
> Try this : "packet_info *pinfo _U_," instead of "packet_info *pinfo,"
> (not sure that the warning will disappear).
>
>
> The "storage" error ?
> Absolutely not sure.
> Try :
> - remove the static keyword
> - put the 2 functions in the same file where you call tcp_dissect_pdus
> - put the 2 functions before the place where you call tcp_dissect_pdus
> - do not declare function inside functions
>
>
>
> Olivier
>
>
> Clifford Sibanda wrote:
> >  Thank you Olivier for responding
> >
> > The reason why I attempted to do the reassemble the long way was
> > because using the tcp_dissect_pdus I get the following errors
> >
> > :647:error: invalid storage class for function 'dissect_l2i_message'
> > for this line
> > static void dissect_l2i_message(tvbuff_t *tvb, packet_info *pinfo,
> > proto_tree *tree)
> > {
> >
> > and same error for this line
> > :652: error: invalid storage class for function 'get_l2i_message_len'
> > for this line
> > static guint get_l2i_message_len(packet_info *pinfo, tvbuff_t *tvb,
> > int offset)
> > {
> >
> > also
> > a warning
> >
> > :651: warning: unused parameter 'pinfo'
> >
> > for the same line
> > static guint get_l2i_message_len(packet_info *pinfo, tvbuff_t *tvb,
> > int offset)
> > {
> >
> > I'm not sure what it is that I'm doing wrong here
> >
> > I have taken note of void assignment by next_tvb=
> > And I have removed it but I suppose if I can get the tcp_dissect_pdus
> > to work for me the better because my protocol is running atop tcp.
> >
> > Regards
> >
> > Clifford
> > ------------------------------------------------------------------------
> > *From:* wsgd <wsgd@xxxxxxx>
> > *To:* Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> > *Sent:* Wednesday, August 12, 2009 8:27:38 PM
> > *Subject:* Re: [Wireshark-dev] Add the next Tvb packet to current tvb
> > before dissecting
> >
> > Hello,
> >
> > The displayed error says that tvb_set_child_real_data_tvbuff returns
> > void (nothing).
> > See epan/tvbuff.h
> > So you are trying : next_tvb=void
> >
> >
> > Other thing :
> > I do not understand why you are trying to do reassembly by yourself
> > since this is the goal of tcp_dissect_pdus.
> >
> >
> >
> > Olivier
> >
> >
> >
> > Clifford Sibanda wrote:
> > >
> > > Good day
> > >
> > > I would like to get some assistance if anyone out there can.
> > >
> > > I am working on a plugin dissector that handles data from an asynchronous
> > > source. The asynchronous source first sends a packet with just the
> > > message length of the next packet which contains the real data.
> > >
> > > What I would love to do is to keep this packet with just the length of
> > > the next packet and append to it the next packet before I proceed with
> > > dissecting.
> > >
> > > I have tried using the tcp_dissect_pdus and the longer reassembly
> > > method but I get this error using both methods:
> > >
> > > error: void value not ignored as it ought to be
> > >
> > > for this line
> > >
> > > next_tvb=tvb_set_child_real_data_tvbuff(tvb,next_tvb);
> > >
> > > I'm not sure what it is that I'm doing wrong
> > >
> > > And if there is a simpler way of just adding the next tvb without
> > > going the reassemble route I would like to use that one
> > >
> > > Thank you
> > >
> > > Clifford Sibanda
> > > Good day
> > >
> > >
> > >
> > > ------------------------------------------------------------------------
> > >
> > > ___________________________________________________________________________
> > > Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> > > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > >              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
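
Added example, not part of the original thread and not Wireshark code: a stand-alone C model of the failure described in the latest message, where a length header far larger than the real message leaves reassembly waiting for bytes that never arrive. The 4-byte big-endian header, the MAX_PAYLOAD cap and the names next_pdu and count_pdus are assumptions made for illustration; the thread does not give the protocol's framing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed framing (not given in the thread): 4-byte big-endian length, then payload. */
#define HDR_LEN     4u
#define MAX_PAYLOAD 65536u /* hypothetical sanity cap for this protocol */
enum pdu_status { PDU_COMPLETE, PDU_NEED_MORE, PDU_BAD_LENGTH };

/* Stand-in for a length callback: total PDU size from the header, or a verdict. */
static enum pdu_status next_pdu(const uint8_t *p, size_t avail, size_t *pdu_len)
{
    if (avail < HDR_LEN) return PDU_NEED_MORE;
    uint32_t payload = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (payload > MAX_PAYLOAD) return PDU_BAD_LENGTH; /* waiting for it would stall */
    *pdu_len = (size_t)HDR_LEN + payload;
    return avail >= *pdu_len ? PDU_COMPLETE : PDU_NEED_MORE;
}

/* Count complete PDUs in the bytes seen so far; *last says why the walk stopped. */
static int count_pdus(const uint8_t *s, size_t avail, enum pdu_status *last)
{
    int n = 0;
    size_t off = 0, len = 0;
    *last = PDU_COMPLETE; /* stays COMPLETE if every byte is consumed */
    while (off < avail) {
        *last = next_pdu(s + off, avail - off, &len);
        if (*last != PDU_COMPLETE) break;
        off += len;
        n++;
    }
    return n;
}

/* Constructed sample streams, not captured traffic. */
static const uint8_t hdr_only[] = { 0, 0, 0, 5 };
static const uint8_t full[]     = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t bogus[]    = { 0x7f, 0xff, 0xff, 0xff, 'h', 'e', 'l', 'l', 'o' };

int main(void)
{
    enum pdu_status a, b, c;
    int na = count_pdus(hdr_only, sizeof hdr_only, &a);
    int nb = count_pdus(full, sizeof full, &b);
    int nc = count_pdus(bogus, sizeof bogus, &c);
    printf("%d/%d %d/%d %d/%d\n", na, (int)a, nb, (int)b, nc, (int)c);
    return 0;
}
```

Without the MAX_PAYLOAD check the bogus stream would report PDU_NEED_MORE indefinitely, which matches the symptom in the thread: only the TCP tree and a "reassembled" indication, never the protocol's own tree.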