Wireshark · Ethereal-dev: [Ethereal-dev] next_tvb problem (I promise never top post again if this is fixed :)

Ethereal-dev: [Ethereal-dev] next_tvb problem (I promise never top post again if this is fixed

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Charles Wilkinson <c_s_wilkinson@xxxxxxxxxxx>

Date: Wed, 31 Aug 2005 15:46:34 +0100 (BST)

Right at the risk of being flamed, this is driving me
nuts :)

I have a fixed 20 bytes header that reasembles IP,
plus 6 octets added to the end.

I have dissected 26 bytes in IP.C, the only thing I
can do while waiting for a reason that my next_tvb has
the wrong offsets. I only want to create a new tvb
buff to pass onto the eth dissector, in order to
continue dissecting the packet as if the outer headers
had never existed (this is a MAC-in something like IP
-in MAC encapuslation). I don't intend to release this
code to the community, nortel only want a simple patch
to the standard IP.c dissector. I know this isn't the
right way to create a dissector, but don't care :)

What I need is some info concerning tvb's. Have I got
the entire buffer minus the lower level protocols, i.e
minus the ethernet header and any vlan tags. I can
access the bytes beyond the 20 standard bytes of IP so
I assume I have. Have I got all the rest of the buffer
or is it limited in length.

Normally I have 26 bytes that I need to cut off of the
tvb buffer. Why does this not work:

static dissector_handle_t eth_handle;
eth_handle = find_dissector("eth");
int available_length = tvb_length(tvb) - 26;/*20 for
the ip header and 6 for the TLS*/
int reported_length = hlen - 6;//hlen - 26 causes a
//buffer overflow and

/segmentation fault
next_tvb = tvb_new_subset(
tvb,
26,
MIN(available_length, reported_length),
reported_length
);
call_dissector(eth_handle, next_tvb, pinfo,
parent_tree);

Aren't I telling the tvb buff to be shortened by 26
bytes, that all that is left is the length of the
buffer -26 bytes, and that the reported length is hlen
(which == 20). I know that reported length is negative
but at least I don't get a segmentation fault. when I
try hlen + 26 ethereal crashes

How can I cut off the 26 bytes, how do the
repoprted-lengths and available_lengths differ. How do
each of the parameters to tvb_new_subset() work. How
can I pass the new tvb buffer to eth and get it to
work.
I have been posting all day under the title MAC-in-MAC
encapsulation. I really need some help...
Please advise.
All the best
Charles

___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

References:
- [Ethereal-dev] call_dissector
  - From: Charles Wilkinson

Prev by Date: Re: [Ethereal-dev] netxray.c patches
Next by Date: Re: [Ethereal-dev] MAC in Mac encapsulation (Nortel)
Previous by thread: [Ethereal-dev] call_dissector
Next by thread: Re: [Ethereal-dev] call_dissector
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$