Ask Your Question
0

tvb_get_letohs() or tvb_get_bits16() is not working properly on ubuntu(little endian machine)

asked 2018-11-27 04:34:44 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi,

we are migrating one of the existing plugin code from wireshark 1x to wireshark 2x. we have used tvb_get_ntohs() in existing code but it looks like it is invalid in 2x so tried to replace it with tvb_get_bits16/tvb_get_letohs() but it is not able to read 2 bytes of data properly.

ex:

dissect()      
    case NRACH_INDICATION:
    {      
        //length = tvb_get_ntohs(tvb, offset ); // this is 1x code
         length = tvb_get_bits16(tvb, offset, 16, ENC_LITTLE_ENDIAN); or length = tvb_get_letohs(tvb, offset );
    }
}

please let me know the issue of the above api calls.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-11-27 08:21:21 +0000

Pascal Quantin gravatar image

updated 2018-11-27 11:06:18 +0000

grahamb gravatar image

Hi, a call to tvb_get_ntohs() reads 2 bytes in big endian order, while a call to tvb_get_letohs() read 2 bytes in little endian order. Both are acting as working as designed, you simply need to know when to use each one (otherwise you get bytes swapped compared to what you would expect). tvb_get_ntohs() function stills exists in 2.x source code and is used in many places (more than 47 calls in our current code base), so I wonder why you say it is invalid.

edit flag offensive delete link more

Comments

Hi,

i am using little endian based machine i.e i do assume that tvb_get_ntohs() shouldn't be called. is that my assumption correct??, if my assumption is invalid then let me know when can tvb_get_ntohs() be used on little endian based machines.

when i try to read 2 bytes from the buffer using tvb_get_letohs()/tvb_get_bits16() it is is giving some junk values.

Kuru4634 gravatar imageKuru4634 ( 2018-11-27 09:20:23 +0000 )edit

What matters is not the endianess of your machine, but the byte order of your protocol. So if the bytes in your protocol are in network order (which seems to be the case), you must use tvb_get_ntohs(). BTW in case you have not read them yet, I strongly advise you to read the various documents found in the doc folder.

Pascal Quantin gravatar imagePascal Quantin ( 2018-11-27 09:22:41 +0000 )edit

thanks for your reply. in my case, i am getting errors due to invalid length field value. tvb_get_ntohs(tvb, offset ) didnt provide me valid length field so tried to use tvb_get_bits16/tvb_get_letohs but that also didnt help. btw tvb_get_ntohs(tvb, offset ) in 1.12.8 version gave the correct length field value only.

Kuru4634 gravatar imageKuru4634 ( 2018-11-27 11:14:33 +0000 )edit

This API was not changed between both versions, as you can see if you check the epan/tvbuff.h file. Both are defined as:

WS_DLL_PUBLIC guint16 tvb_get_ntohs(tvbuff_t *tvb, const gint offset);

I do not know what is your error exactly as you did not share the info, but for sure it is not this function that changed.

Pascal Quantin gravatar imagePascal Quantin ( 2018-11-27 13:15:21 +0000 )edit

i tried to share image with error details however this site is not allowing me to post image. appreciate if you can share your email id to contact regarding the same.

Kuru4634 gravatar imageKuru4634 ( 2018-12-03 08:51:47 +0000 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-11-27 04:34:44 +0000

Seen: 570 times

Last updated: Nov 27 '18