Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP

From: Chris Maynard <chris.maynard@xxxxxxxxx>
Date: Thu, 5 May 2011 16:27:26 +0000 (UTC)
Fernandez, Rafael <Rafael.Fernandez@...> writes:

> This is my current get_message_tcpmessage_len:
> 
> guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
> {
>         guint remaining  = tvb_length_remaining(tvb, offset);
>         guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE;
>         if(last_size > remaining)
>         {
>                 printf("not enough data: %d remaining: %d\n", last_size,
remaining);
>         }
>         return last_size;
> }
> 

This is still wrong.  You shouldn't be trying to figure out if you've got enough
data; tcp_dissect_pdus() will handle all that for you.  This function only needs
to return the length of the entire PDU so tcp_dissect_pdus() knows how much data
it needs to reassemble before calling your dissector.  Try changing the function
to something like what I posted earlier.

You might also re-read section 2.7.1 of doc/README.developer, as it could help
you in the case of UDP.  And take a look at other examples in the Wireshark
codebase, such as packet-dns.c which doc/README.developer references in its 
example.

And stop using printf().  If you need to, try using g_warning() instead.