Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP packets

Thu, 05 May 2011 12:34:06 -0700 

Correct. Please look at the message I sent about an hour ago for a detailed 
explanation of the issue.

-----Original Message-----
From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Guy Harris
Sent: Thursday, May 05, 2011 2:26 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] TCP dissect issue when app-level message spans 
multiple TCP packets


On May 5, 2011, at 8:59 AM, Fernandez, Rafael wrote:

> guint get_message_tcpmessage_len(packet_info *pinfo, tvbuff_t *tvb, int 
> offset)
> {
>        guint remaining  = tvb_length_remaining(tvb, offset);
>        guint last_size = tvb_get_letohl(tvb, offset)+MESSAGE_HEADER_SIZE;

So, in your protocol:

        all messages start with a fixed-length header MESSAGE_HEADER_SIZE bytes 
long, and may have zero or more bytes after that header;

        the first 4 bytes of a message (i.e., the first 4 bytes of the header) 
are a little-endian value that is the length of the part of the message after 
the fixed-length header?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


CONFIDENTIALITY AND SECURITY NOTICE

The contents of this message and any attachments may be confidential and 
proprietary and also may be covered by the Electronic Communications Privacy 
Act. This message is not intended to be used by, and should not be relied upon 
in any way, by any third party.  If you are not an intended recipient, please 
inform the sender of the transmission error and delete this message immediately 
without reading, disseminating, distributing or copying the contents. Citadel 
makes no assurances that this e-mail and any attachments are free of viruses 
and other harmful code.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to