This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

problem with tcp_dissect_pdus while handling multiple TLVs


Hello Experts,

I have developed a customized Wireshark plugin to decode our proprietary protocol in a TCP message. As we all know, TCP is a byte-stream-oriented protocol, hence one application message is not guaranteed to be in one TCP message (one TCP message might contain many full messages or a partial message). To handle the above scenario I am making use of tcp_dissect_pdus(), which will wait until the specified bytes are accumulated and call the specified function accordingly. My one complete application message contains a 68-byte fixed header + 2 TLV structures inside it, wherein I am required to obtain the 1st TLV's length (1 byte) and move that many bytes + Tag & length (the length of the 2nd TLV is 2 bytes, as the value can be up to 64435), and then wait until the 2nd TLV's length number of bytes are available and then perform the decoding.

Problem: Hence I tried using tcp_dissect_pdus() twice, as given below:

    /* After getting 70 bytes obtain length of 1st TLV and then call the function which calculates the length of the 2nd TLV and finally calls the main decoding logic */

    static void dissect_dsr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
    {
        tcp_dissect_pdus(tvb, pinfo, tree, dsr_desegment, 70, get_dsr_tgtID_len, dissect_dsr_pdu, data);
    }

    static void dissect_dsr_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
    {
        tcp_dissect_pdus(tvb, pinfo, tree, dsr_desegment, (70+tgtIDlen+3), get_dsr_pdu_len, dissect_dsr_message, data);
    }

Main decoding logic:

    static void dissect_dsr_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
    {
    }

Query: Is the above approach that I am using valid? I am facing a problem wherein the 1st tcp_dissect_pdus() is calling the function properly but the 2nd tcp_dissect_pdus() is not calling the decoding function at all.

Experts, can you please help me out by sharing your valuable knowledge on what should be done to handle this multiple-TLV scenario?

asked 10 Mar '15, 09:45

sunilking
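
The message layout described in the question (68-byte fixed header, a TLV with a 1-byte length, then a TLV with a 2-byte length) can be framed by a single length function that checks how many bytes are available before each read. This is an added example in plain C, not code from the original post and not the Wireshark API. Assumptions: tags are 1 byte, the 2-byte length is big-endian, and `dsr_pdu_len`, `dsr_count_pdus` and the convention of returning 0 for "need more bytes" are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DSR_HDR_LEN  68u  /* fixed header size, from the post */
#define TLV1_HDR_LEN  2u  /* 1-byte tag + 1-byte length */
#define TLV2_HDR_LEN  3u  /* 1-byte tag + 2-byte length */

/* Hypothetical helper: total size of the message starting at buf, or 0 when
 * `avail` bytes are not yet enough to know it. Assumes big-endian TLV2 length. */
size_t dsr_pdu_len(const uint8_t *buf, size_t avail)
{
    size_t tlv2_val_off;
    /* Stage 1: fixed header plus TLV1 tag and length (70 bytes). */
    if (avail < DSR_HDR_LEN + TLV1_HDR_LEN)
        return 0;
    /* Stage 2: TLV2's length field follows TLV1's value, so its offset varies. */
    tlv2_val_off = DSR_HDR_LEN + TLV1_HDR_LEN + buf[DSR_HDR_LEN + 1] + TLV2_HDR_LEN;
    if (avail < tlv2_val_off)
        return 0;
    return tlv2_val_off + (((size_t)buf[tlv2_val_off - 2] << 8) | buf[tlv2_val_off - 1]);
}

/* Counts complete messages in a byte stream; *pending gets the leftover bytes. */
size_t dsr_count_pdus(const uint8_t *buf, size_t avail, size_t *pending)
{
    size_t off = 0, n = 0, len;
    while ((len = dsr_pdu_len(buf + off, avail - off)) != 0 && len <= avail - off) {
        off += len;
        n++;
    }
    *pending = avail - off;
    return n;
}

int main(void)
{
    /* Constructed sample: one message with a 4-byte TLV1 and a 5-byte TLV2. */
    uint8_t s[82] = {0};
    size_t pending, n;

    s[68] = 0x01; s[69] = 4;                /* TLV1 tag, length */
    s[74] = 0x02; s[75] = 0x00; s[76] = 5;  /* TLV2 tag, length (big-endian) */
    n = dsr_count_pdus(s, sizeof s - 1, &pending);  /* last byte not yet received */
    printf("total=%zu complete=%zu pending=%zu\n", dsr_pdu_len(s, sizeof s), n, pending);
    return 0;
}
```

Both length reads are guarded by an `avail` check, so a truncated or still-arriving segment yields 0 instead of a read past the end of the buffer.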