Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] wanted to find frame size

From: Hardik Patel <hardik.party@xxxxxxxxx>
Date: Thu, 25 Jul 2013 17:39:00 +0200
Hi,

Thank you very much for your response.

I have my packet header length of 11 byte.

i used tcp_dissect_pdus() but not working as expected for me.

static guint get_foo_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset)
{
    /* TODO: change this to your needs */
    guint pdu_length;
    offset = 0;
    pdu_length = RTD_PKT_HEADER_T_SIZE    + tvb_get_letohs(tvb, 6 + offset); // header is 11 bytes + offset frm whre i get length
    return pdu_length;
    //return (guint)tvb_get_ntohl(tvb, offset+6); /* e.g. length is at offset 4 */
}

static void dissect_rts(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, RTD_PKT_HEADER_T_SIZE,
                         get_foo_message_len, dissect_rts_message);
}



Regardless this function, as i have send snapshot, we can see that tvb buffer contains frames and i wanted to know size of each.

Just for checking purpose i have hard code below line to skip first 708 frame and after that my dissectors work fine.


    if (pinfo->fd->num==710)
        offset += 7;


and able to decode my packet header which contain further details to dissect.


Regards,
Hardik Patel


On Thu, Jul 25, 2013 at 4:23 PM, <mmann78@xxxxxxxxxxxx> wrote:
Shouldn't tcp_dissect_pdus() being doing the work for you?  You need to specify "minimum length" (which could be the size of your header, but usually it's just up to the "size" field in your header, wherever that may be), and after that the "length" function passed in should tell it how big your packet is.
 
Or is the issue that you don't know the size of your packet, so you can't use tcp_dissect_pdus?
 
-----Original Message-----
From: Hardik Patel <hardik.party@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Thu, Jul 25, 2013 9:46 am
Subject: [Wireshark-dev] wanted to find frame size

Hello,

I have created dissector which is failing if TCP reassemble two packet.

Below is an example :
Inline image 1


In this case TCP have reassembled two frame 708 and 710.
708 have 7 byte of data which is not my packet header. my packet header start from 0 byte of 710
frame so i need to find method due to which i know if frame is of sufficient length or not.

If i can find length then simple i can put offset of 7 byte so i can start with my header and dissect it.


Regards,
Hardik Patel
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe