Hello,
I am having problem using the tcp_dissect_pdus and hope someone can help
me here.
The documentation seems pretty clear to me and I think I am doing what I
am suppose to do:
tcp_dissect_pdus(tvb, pinfo, tree, TRUE, 20,
get_foo_message_len, dissect_foo_packet);
static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int
offset)
{
guint length;
unsigned char lengthBytes[4];
tvb_memcpy(tvb, lengthBytes, offset+MPI_LENGTH_INDEX, MPI_LENGTH_SIZE/8);
length = lengthBytes[0] + (lengthBytes[1]<<8) + (lengthBytes[2]<<16) +
(lengthBytes[3]<<24) + MPI_HEADER_SIZE;
return length;
}
Unfortunaty when I open a capture file it is not working properly.
When I attach to wireshark with a debugger I can see that the behavior is
not the one I expect:
1. The debugger stop to a first frame which contains the beginning of a
large message.
I can see that my get_foo_message_len is called and returns the length of
the complete message.
2. Then wireshark the process the next frame which contains the remaining
of the message. I can see it calls get_foo_message_len. Is this normal?
I don't think so and if it is what am I suppose to do since I can't
retrieve the size of the message the second time.
Best regards,
Fabien
PS: Sorry if this is a duplicate. I tried to send the question already
yesterday but I can't see it in my outbox so I guess I misclicked...
