On 05/05/2011 16:59, Fernandez, Rafael wrote:
All,
I used to have a very simple get_message_tcpmessage_len. But most of the TCP packets would then say [TCP segment of a reassembled PDU].
I eliminated everything again. This is my current get_message_tcpmessage_len:
guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
guint remaining = tvb_length_remaining(tvb, offset);
guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE;
if(last_size > remaining)
{
printf("not enough data: %d remaining: %d\n", last_size, remaining);
}
return last_size;
}
I get the following output in consecutive packets from host A to host B:
not enough data: 322 remaining: 144
not enough data: 445080968 remaining: 1448
There are no 445080968 byte messages being sent, ever. It is that the dissector called by tcp_dissect_pdus gets a partial message. Clearly, it is not buffering the packets correctly. I *could* hack it together but I thought this is part of what tcp_dissect_pdus was supposed to do.
BTW - I am using and compiling against 1.4.6.
Thank you for your responses,
Rafael
The types
you are using to hold "remaining" and "last_size" might be an
issue, tvb_length_remaining() returns a gint and
tvb_get_letohl() returns a guint32.
--
Regards,
Graham Bloice
|
