Wireshark-dev: Re: [Wireshark-dev] Single TCP segment having multiple PDUs not working
Hey Didier,
I put "
offset_thisRound =
dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
" after if(tree){...}, and IT WORKS! I can have multiple different PDUs in one segment! Amazing!
The only thing is now I get much frequenter cases of "malformed packet".
I don't understand your point #3. You mean put it outside if(tree){...}, or outside while (){...}
Here is my current code:
static void
dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{gint offset = 0; // always points to the front
gint available = 0; // how many bytes still available to consume
gint offset_thisRound = 0;
while((available = tvb_reported_length_remaining
(tvb, offset)) > 0)
{
printf("available = %d\n", available);
/* make entry in the Protocol column on summary display */
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
/* create the myproto protocol tree */
if (tree) {
myproto_item = proto_tree_add_item(tree, proto_myproto, tvb, offset, -1, FALSE);
myproto_tree = proto_item_add_subtree(myproto_item, ett_myproto);
}
offset_thisRound = dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
offset += offset_thisRound;
} //while:
}
On 9/27/07, Didier <dgautheron@xxxxxxxx> wrote:
On Thu, 27 Sep 2007 13:13:17 -0700, Zongjun wrote
> On 9/27/07, Zongjun <qizongjun@xxxxxxxxx
>
wrote:
Hey Didier,
>
> You mean like
>
>
gint offset_thisRound = 0; // of course,
outside
if(tree)
block.
>
>
if (tree)
{
>
myproto_item = proto_tree_add_item(tree, proto_myproto, tvb,
offset, -1,
FALSE);
> myproto_tree =
proto_item_add_subtree(myproto_item,
ett_myproto);
>
offset_thisRound =
dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
>
}
> offset += offset_thisRound;
>
> I
tried but still the same
result.
No you have to:
1) compute offset_thisRound outside 'if (tree)' otherwise you'll get and endless loop if tree is null, if you unset coloring and reload the file for example.
2) call dissect_MyProtoMessage_PDU
with the new offset.
while(...) {
offset_thisRound =
dissect_MyProtoMessage_PDU(tvb,pinfo,offset, tree);
offset += offset_thisRound;
}
3) IMO myproto_item = proto_tree_add_item(tree, proto_myproto, tvb,
offset, -1,
FALSE); should be outside the loop, inside it breaks the protocol hierarchy statistic.
Thanks,
Zongjun
>
>
>
On 9/27/07,
Didier <dgautheron@xxxxxxxx>
wrote:
>
>
Hi
> On Thu, 27 Sep 2007 12:02:32 -0700, Zongjun
wrote
> > Hey
guys,
> >
> > According to my capture, I don't have situations
where ONE PDU spans over multiple TCP segment. In stead, mine is the other
round: Single segment having multiple PDUs.
> >
> > But using the
folling code, what I observed is wireshark did put multiple PDU info inside the
Detail Window after TCP, however these PDUs are always the same. But in the
bottom hexdump window, they are definitely from different PDU.
> >
> > I noticed there has been a similar issue before Wireshark-dev:
Re: [Wireshark-dev] Dissect multiple PDUs in one TCP
Segment.
> > But
again, it is not for single segment having multiple
PDU.
> >
> > Anyone see the same issue?
> >
> >
Thanks,
> >
Zongjun
> >
> > static
void
> > dissect_myproto(tvbuff_t *tvb,
packet_info *pinfo, proto_tree
*tree)
> >
{
> > gint offset = 0; //
always points to the
front
> > gint available = 0; // how many bytes still
available to
consume
> >
> > while((available = tvb_reported_length_remaining(tvb, offset))
>
0)
> >
{
> >
printf("available = %d\n",
available);
> >
> > /* make entry in the Protocol
column on
summary display
*/
> > if
(check_col(pinfo->cinfo,
COL_PROTOCOL))
> >
col_set_str(pinfo->cinfo, COL_PROTOCOL,
PSNAME);
> >
> > /* create the myproto protocol tree
*/
> > if (tree)
{
>
> >
myproto_item = proto_tree_add_item(tree, proto_myproto, tvb,
offset, -1,
FALSE);
> >
> > myproto_tree =
proto_item_add_subtree(myproto_item,
ett_myproto);
> >
> >
offset +=
dissect_MyProtoMessage_PDU(tvb,pinfo,myproto_tree);
> offset computation should always be outside if (tree) block
.
> >
> >
}
> >
printf("offset = %d\n",
offset);
> >
> >
if(tvb_reported_length_remaining(tvb,
offset) >
0)
> >
{
> >
printf("haha, we get a
multiple PDU.
\n");
> >
}
> > }
//while:
> >
}
>
>
> _______________________________________________
> Wireshark-dev
mailing list
> Wireshark-dev@xxxxxxxxxxxxx
>
http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>
>
> --
> Thanks,
> Zongjun
>
> --
>
Thanks,
>
Zongjun
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
--
Thanks,
Zongjun
