Wireshark-dev: Re: [Wireshark-dev] accessing field in IP header from L2TP dissector
On Jul 17, 2008, at 7:58 PM, alex volinsky wrote:
> I'm adding a DOCSIS DEPI dissector to Wireshark. The packet format is
> Ethernet/IPv4/L2TPv3/DEPI. To parse the DEPI payload correctly, I
> need to know the packet length, which is obtained from the IP header.

Does the DEPI dissector need to know how big the *IP* packet is, or
just how big the *DEPI* packet is? I don't see anything obvious in
http://www.cablelabs.com/specifications/CM-SP-DEPI-I05-070223.pdf
to indicate that anything that reads the DEPI packet needs to care
about the length of the headers preceding the DEPI packet.
(In addition, note that you'd need to know how big the IPv4 header
is. Furthermore, at least as I read that spec, the packet format
could either be Ethernet/IPv4/L2TPv3/DEPI *OR* Ethernet/IPv4/UDP/
L2TPv3/DEPI, so the IP header length isn't sufficient, either.)

> One of the options is to set my data pointer 18 bytes back in the
> beginning of L2TPv3 header dissector,

That's not a valid option - your dissector gets handed a tvbuff that
is not guaranteed to provide access to any data other than the L2TP
tunnel payload. (The implementation might happen not to prevent you
from referring to data before the beginning of the tvbuff, but we make
no guarantee whatsoever that this will continue to work, and will
never make such a guarantee.)
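
The contract described in the reply above, as an added example that is not part of the original message and is not Wireshark code: a simplified bounded-view model (the names `view_t`, `view_subset`, `view_get_u8` and the header sizes are assumptions, not the tvbuff API) showing that a payload dissector takes its length from the view it was handed, whatever the size of the outer headers, and that a read before the start of that view is refused.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a bounded buffer view. NOT Wireshark's tvbuff API. */
typedef struct {
    const uint8_t *data; /* first byte this view may read */
    size_t len;          /* number of readable bytes */
} view_t;

/* Sub-view starting at 'offset' in the parent; -1 if out of range. */
static int view_subset(const view_t *parent, size_t offset, view_t *out) {
    if (offset > parent->len) return -1;
    out->data = parent->data + offset;
    out->len = parent->len - offset;
    return 0;
}

/* Bounds-checked read: offsets outside [0, len) are refused, negative ones included. */
static int view_get_u8(const view_t *v, long offset, uint8_t *out) {
    if (offset < 0 || (size_t)offset >= v->len) return -1;
    *out = v->data[offset];
    return 0;
}

#define PAYLOAD_LEN 10 /* constructed payload size */

/* Hypothetical payload dissector: its length is the length of its own view. */
static size_t payload_length(const view_t *payload) { return payload->len; }

/* Strip 'hdr_len' bytes of outer headers from a constructed frame and
 * return the payload length the dissector sees. */
static long dissect_constructed(size_t hdr_len) {
    uint8_t frame[128] = {0};
    view_t whole = { frame, hdr_len + PAYLOAD_LEN }, payload;
    if (hdr_len + PAYLOAD_LEN > sizeof frame) return -1;
    if (view_subset(&whole, hdr_len, &payload) != 0) return -1;
    return (long)payload_length(&payload);
}

/* Returns 1 if reading 18 bytes before the payload view is refused. */
static int backstep_rejected(void) {
    uint8_t frame[64] = {0}, b;
    view_t whole = { frame, sizeof frame }, payload;
    if (view_subset(&whole, 40, &payload) != 0) return 0;
    return view_get_u8(&payload, -18, &b) == -1;
}

int main(void) {
    /* 38 and 46 are constructed outer-header sizes; they differ by 8, the size of a UDP header. */
    printf("%ld %ld %d\n", dissect_constructed(38), dissect_constructed(46), backstep_rejected());
    return 0;
}
```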