Wireshark-dev: [Wireshark-dev] tcp_dissect_pdus. get reassemble TCP
[I've chosen to continue on wireshark-dev the discussion originally
started on ask.wireshark.org.
http://ask.wireshark.org/questions/14950/tcp_dissect_pdus-get-reassemble-tcp
]
================================================================
Hi, I'm using
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN,
                     get_foo_message_len, dissect_foo_message)
to reassemble split TCP Packets in my own dissector. However, I cannot
get the full TCP packet. In the dissect_foo_message, I do nothing first,
just get the full TCP context by using:
    data_len = tvb_length(tvb);
    sprintf(str, "%s\n", tvb_get_string(tvb, 122, data_len));
The context in str is truncated.
I'm confused, according to the tutorial, I should get the full TCP
packet in the dissect_foo_message, right? Help!!
razygon
---------------
Comment:
We'll need to see a bit more of your code. How are you determining the
actual length of the PDU in get_foo_message_len() ?
dissect_foo_message() will be handed a tvb of whatever length is
returned by get_foo_message_len()
(12 Oct, 06:48) Bill Meier
----------------
Comment:
void proto_reg_handoff_dataparse(void)
{
    dataparse_handle = create_dissector_handle(dissect_dataparse,
                                               proto_dataparse);
    dissector_add_uint("tcp.port", dataparse_PORT, dataparse_handle);
    //so the tvb only include data, no package headers, right?
}

static guint get_dataparse_message_len(packet_info *pinfo, tvbuff_t *tvb,
                                       int offset)
{
    return 2000;
}

static void dissect_dataparse_message(tvbuff_t *tvb, packet_info *pinfo,
                                      proto_tree *tree)
{
    int ip_len = 0;
    int data_len = 0;
    char *str;
    FILE *stream;

    if ((stream = fopen(filename, "a")) == NULL)
    {
        return;
    }
    data_len = tvb_length(tvb);
    str = (char *)malloc(data_len);
    sprintf(str, "%s\n", tvb_get_string(tvb, 0, 2000));
    fwrite(str, strlen(str), 1, stream);
    if (stream != NULL)
        fclose(stream);
}
(4 hours ago) razygon
-----------------
Comment:
Hi Bill, I didn't finish the code, now I'm testing the function
tcp_dissect_pdus() to check whether it works. But I try to give specific
code in the below comment. Besides that I have two questions: 1. I
cannot get the len in advance, for the protocol didn't give it... is
there any other way to get it? 2. For test, I set the return value of
get_foo_message_len fixed, like 2000. But the data I get is not
consecutive? Confused...
===========
OK:
1. I'm not sure what you mean by "the data is not consecutive".
2. Re: "I cannot get the len in advance"
What determines when you have a complete PDU (which presumably
consists of TCP payload data which may extend over several packets)?
3. Re:
    //so the tvb only include data, no package headers, right?
Right. The tvb will contain the TCP payload data.
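
Added example (not part of the thread, and not Wireshark code): a stand-alone C model of the contract tcp_dissect_pdus() relies on, assuming a hypothetical protocol whose 4-byte header carries the body length. The names reasm_t, get_pdu_len, dissect_pdu, feed_segment and the sample segments are invented for the illustration; it shows the PDU length being read from the header instead of fixed at 2000, and the body measured by length, since a "%s" copy stops at the first NUL byte.

```c
#include <stdint.h>
#include <string.h>

#define FRAME_HEADER_LEN 4   /* assumed header: 2-byte type, 2-byte big-endian body length */
#define MAX_PDU 4096         /* assumed sanity bound on a declared PDU size */

typedef struct {
    uint8_t buf[MAX_PDU];    /* bytes accumulated across segments */
    size_t  have, pdus;      /* bytes in buf; complete PDUs delivered */
    size_t  body_len;        /* true body length of the latest PDU */
    size_t  str_len;         /* what a "%s" copy of that body would have kept */
} reasm_t;

/* Role of get_foo_message_len(): total PDU size, read from the header itself. */
static size_t get_pdu_len(const uint8_t *hdr) {
    return FRAME_HEADER_LEN + (((size_t)hdr[2] << 8) | hdr[3]);
}

/* Role of dissect_foo_message(): called with exactly one complete PDU in buf. */
static void dissect_pdu(reasm_t *r) {
    const uint8_t *body = r->buf + FRAME_HEADER_LEN;
    r->body_len = r->have - FRAME_HEADER_LEN;
    const uint8_t *nul = memchr(body, 0, r->body_len);
    r->str_len = nul ? (size_t)(nul - body) : r->body_len;
    r->pdus++;
}

/* Feed one segment's TCP payload. Returns 0, or -1 if a header declares too much. */
static int feed_segment(reasm_t *r, const uint8_t *seg, size_t n) {
    while (n > 0) {
        /* First collect the fixed header, then the length it declares. */
        size_t want = r->have < FRAME_HEADER_LEN ? FRAME_HEADER_LEN : get_pdu_len(r->buf);
        if (want > MAX_PDU) return -1;
        size_t take = (want - r->have < n) ? want - r->have : n;
        memcpy(r->buf + r->have, seg, take);
        r->have += take; seg += take; n -= take;
        if (r->have >= FRAME_HEADER_LEN && r->have == get_pdu_len(r->buf)) {
            dissect_pdu(r);
            r->have = 0;
        }
    }
    return 0;
}

/* Constructed sample: PDU {type 1, "ab\0cd"} then PDU {type 2, "xyz"}, cut into 3 segments. */
static const uint8_t SEG1[] = {0, 1, 0, 5, 'a', 'b'};
static const uint8_t SEG2[] = {0, 'c', 'd', 0, 2};
static const uint8_t SEG3[] = {0, 3, 'x', 'y', 'z'};
```

Feeding SEG1, SEG2 and SEG3 in order to a zeroed reasm_t delivers two PDUs; for the first, body_len is 5 while str_len is 2.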