Wireshark-dev: Re: [Wireshark-dev] starting the actual packet counting using wireshark function
On Jan 28, 2010, at 11:12 AM, Brian Oleksa wrote:
> Basically... I am having a hard time converting my code below to use the
> built in calls to make sure there is no buffer overrun
The builtin calls *themselves* do the buffer checks - if you pass an out-of-range offset to, for example, a tvb_get_ call, it will throw an exception, and dissection of the packet will stop. proto_tree_add_item() uses tvb_get_ calls to fetch data, so they will also cause an exception to be thrown if the offset is out of range.
> and to make sure
> that I am on the correct packet I am trying to dissect.
>
> I have a header of size 18 that I want to skip..
No, you have a header of size 18 that you want to *dissect*, with a 2-byte magic field, an 8-byte checksum field (which, as per "CRC Questions", is probably 4 bytes of 0 and 4 bytes of CRC32, thanks to Java's lack of unsigned data types), and an 8-byte transmission time. Don't just skip it, put the header fields into the dissection along with the rest of the packet.
> then the next packet I am dissecting.
What you're presumably dissecting are part of the *same* packet. The Helen packet format:
https://www.darkcornersoftware.com/confluence/display/open/Packet+Structure
indicates that a packet has the 18-byte header followed by a series of extensions; those are all part of the same packet.
The page at
https://www.darkcornersoftware.com/confluence/display/open/Helen+Manual
says this runs over UDP, so there's one Helen packet for each UDP packet. Your dissector will be called by the UDP dissector for each UDP packet, so it is handed a tvbuff containing one and only one Helen packet, so you don't have to worry about whether you're on the correct packet - you will, by definition, be on the *only* packet within a given UDP packet.