
Wireshark-dev: Re: [Wireshark-dev] Undissected packet bytes

From: Dario Lombardo <dario.lombardo.ml@xxxxxxxxx>
Date: Wed, 4 Feb 2015 10:51:14 +0100
Hi Evan
This looks promising. Where can I use this call?
If I run it from within a dissector 

packet-hpfeeds.c:344 (just an example... for purpose of testing)

        for (i = 0; i < len; i++) {
            fi = proto_find_field_from_offset(tree, i, tvb);
            g_print("TEST1 %p %d %p => %p\n", tree, i, tvb, fi);
        }

it always returns NULL.

If I run it from the gtk gui

packet-panes.c:369

        g_print("TEST2 %p %d %p => %p\n", tree, byte, tvb, finfo);

it returns a (valid?) pointer.

The 2 prints show the same values of pointer/offsets. 

Where could a "for" routine like the above be added in the code so that it shows every undissected byte in every dissector?
Thanks.
Dario.

On Tue, Feb 3, 2015 at 6:15 PM, Evan Huus <eapache@xxxxxxxxx> wrote:
As far as I know this is not currently available, but it would
probably be fairly useful and easy. You just need to iterate the proto
tree and keep track of which byte ranges are claimed/unclaimed.
proto_find_field_from_offset does something related to this (it is
used for matching bytes to fields in the UI) so it's probably a good
place to start.

On Tue, Feb 3, 2015 at 12:08 PM, Dario Lombardo
<dario.lombardo.ml@xxxxxxxxx> wrote:
> Hi list
> I was wondering if there is a comfortable way to find out undissected bytes
> in packets. This would be useful to find incomplete dissectors.
> Any hint?
> Thanks!
> Dario.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
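The approach suggested in the thread (walk the tree and track which byte ranges are claimed), as an added stand-alone example that is not part of the thread or of Wireshark's code. The `node` struct, `find_undissected` and the sample tree are hypothetical stand-ins for a proto tree, and counting only leaf items is an assumption made here.

```c
#include <stdio.h>
/* Hypothetical stand-in for a tree item (not Wireshark's proto_node). */
typedef struct node {
    int start, length;               /* byte range the item claims */
    const struct node *child, *next; /* first child, next sibling */
} node;
typedef struct { int start, length; } gap;
/* Mark leaf items only: a container item is assumed to span all of its
 * children, so marking it would hide every gap underneath it. */
static void mark_claimed(const node *n, unsigned char *claimed, int pkt_len)
{
    for (; n != NULL; n = n->next) {
        if (n->child) { mark_claimed(n->child, claimed, pkt_len); continue; }
        int lo = n->start < 0 ? 0 : n->start;    /* clamp both ends */
        int hi = n->start + n->length > pkt_len ? pkt_len : n->start + n->length;
        for (int i = lo; i < hi; i++) claimed[i] = 1;
    }
}

/* Stores runs of unclaimed bytes in out; returns the count, or -1. */
int find_undissected(const node *root, int pkt_len, gap *out, int max_gaps)
{
    unsigned char claimed[2048] = {0};
    int n = 0;
    if (pkt_len < 0 || pkt_len > (int)sizeof claimed) return -1;
    mark_claimed(root, claimed, pkt_len);
    for (int i = 0; i < pkt_len && n < max_gaps; i++) {
        if (claimed[i]) continue;
        int s = i;
        while (i < pkt_len && !claimed[i]) i++;
        out[n++] = (gap){ s, i - s };
    }
    return n;
}

/* Constructed sample: 16-byte packet, dissector skips bytes 6-7 and 10-13. */
static const node f_len   = { 8, 2, NULL, NULL };
static const node f_type  = { 2, 4, NULL, &f_len };
static const node f_trail = { 14, 4, NULL, NULL };  /* overlong, clamped to 16 */
static const node hdr     = { 2, 10, &f_type, &f_trail };
static const node f_magic = { 0, 2, NULL, &hdr };
static const node proto   = { 0, 16, &f_magic, NULL };
int main(void)
{
    gap g[8];
    for (int i = 0, n = find_undissected(&proto, 16, g, 8); i < n; i++)
        printf("undissected: offset %d, %d bytes\n", g[i].start, g[i].length);
    return 0;
}
```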