Wireshark · Wireshark-dev: Re: [Wireshark-dev] Multiple Packets in One TCP Segment

[Aurélien Decagny <funtim78@xxxxxxxxxxx>]

I think this is a stupid question, but anyway:
Why don't you get directly the length of your packet directly in the 
dissect_sle function?

why not doing something like this:

#include <string.h>
#define LENGTH_LECT 10000

...

static int dissect_sle(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
            char buffer[3]="";
             int i=0, length =0;
             char data[]= NULL;

            data = malloc(tvb_length(tvb)*sizeof(char));

         /* so we put all the hexadecimal data in a string */
           for(i=0; i< (int) tvb_length(tvb); i++)
           {
               sprintf(buffer,"%02x", tvb_get_guint8(tvb, i));
               strcat(data, buffer);
           }

            /* length is a number of octets
               * we compare all the octet to see if we have the 
terminating octet */
            while (data[2*i]!= ... && data[2*i+1]!=...)
              {
                  length ++;
               }

            tcp_dissect_pdus(tvb, pinfo, tree, ... length);

            free(data);
}

Or we can count the number of end character, and call the 
tcp_dissect_pdus each time. Well in fact this work if the end of 
character is forbidden in the data, or if we can only find him at the 
end of a structure. In the second case, it is a little bit more complex, 
but you can create a new tree each time in the dissect_sle_message() 
function.

I should have say something stupid, but it seems to me that it can work!

Regards

Aurelien


wsgd a �crit :
> Look at <wireshark sources>/doc/README.developer.
> 2.7 Reassembly/desegmentation for protocols running atop TCP.
> 2.7.2 Modifying the pinfo struct.
>
>
> Olivier
>
>
> Guy Harris a �crit :
>   
> > On Aug 17, 2009, at 11:22 AM, Aur�lien Decagny wrote:
> >
> >   
> >     
> > > When you use tcp_dissect_pdus, an argument is the length of the data  
> > > to be decoded.
> > >     
> > >       
> > Unfortunately, in her case, the length can't be determined except by  
> > scanning the packet for a terminating character:
> >
> >   
> >     
> > > On Aug 14, 2009, at 1:56 PM, Susan Ditmore wrote:
> > >
> > >     
> > >       
> > > > I am developing a packet dissector plugin for Wireshark. The packets
> > > > I am dissecting do not specify their length in their header, but
> > > > they are terminated by a special character (and can be a variable
> > > > length). Additionally, multiple complete packets of the protocol may
> > > > arrive in one tcp segment. I would like to know how to tell
> > > > wireshark to divide up these packets. I understand there is a
> > > > command called tcp_dissect_pdus(), but I believe it needs the length
> > > > specified in the header. Is this correct?
> > > >       
> > > >         
> > so she can't use tcp_dissect_pdus().
> > ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> >
> >
> >   
> >     
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>