Wireshark-dev: Re: [Wireshark-dev] how to extract "IP.len" (IP_total length) to my local variab
From: Jaap Keuter <[email protected]>
Date: Fri, 24 Jun 2011 09:33:15 +0200
On 06/24/2011 09:13 AM, John x wrote:
> Hi, folks,
> 
> I am developing a dissector, my tasks are:
> 
> 1. to get the “ip.len” (the total length in IP header),
> 2. using the ip.len to know how long the packet would be and extract the last 
> byte to my local variable.
> 
> *Could you guys please tell me how to get the IP’s total length from IP header? *
> *How to extract the last byte of my packet? *
> 
> Any suggestions or advices would be appreciated.
> 
> Thanks for your help
> John
> 

So your dissector sits on top of the IP dissector. It gets a TVB (Testy, Virtual
Buffer) with the IP packet data. Then you can use all the wonderful functions in
epan/tvbuff.h to get access to that (meta-)data.
Like tvb_length() and tvb_reported_length().

Two things: Never go into the TVB data directly, always find the proper access
function. Be aware that captured packets can be cut short, so the length you
have (tvb_length) might be smaller than the original (tvb_reported_length).

Thanks,
Jaap