2013-02-25 65 views
0

我寫了解剖,夫婦的消息在一個包中

我發現一個包包含幾個裏面不同的/冷漠的消息,對這個問題

有人可以點? 這是一個問題嗎?

我重新組合TCP數據包...

這是夾層的功能: (FRAME_HEADER_LEN = 8)

static void 
dissect_PROTOC(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) 
{ 
    //Reassembling TCP fragments 
    tcp_dissect_pdus(tvb, pinfo, tree, TRUE, FRAME_HEADER_LEN, 
        get_PROTOC_message_len, dissect_PROTOC_message); 

} 

static guint get_PROTOC_message_len(packet_info *pinfo, tvbuff_t *tvb, int offset) 
{ 
    /* the packet's size is "length" + 4bytes of TYPESIZE + 4bytes of LENGTHSIZE + 256bytes of CONTEXTIDSIZE */ 
    return (guint)(tvb_get_ntohl(tvb, offset + 4) + CONTEXT_ID_SIZE + TYPE_SIZE + LENGTH_SIZE); /* e.g. length is at offset 4 */ 
} 

static void dissect_PROTOC_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) 
{ 
    /* my dissecting code */ 
    guint32 packet_type = tvb_get_ntohl(tvb, 0); 

    col_set_str(pinfo->cinfo, COL_PROTOCOL, "PROTOC"); 
    /* Clear out stuff in the info column */ 
    col_clear(pinfo->cinfo,COL_INFO); 
    col_add_fstr(pinfo->cinfo, COL_INFO, "%d > %d [%s]",pinfo->srcport, pinfo->destport, 
      val_to_str(packet_type, packettypenames, "Unknown (0x%02x)")); 

    if (tree) { /* we are being asked for details */ 
     proto_item *ti    = NULL; 
     proto_tree *PROTOC_tree   = NULL; 
     proto_item *PROTOC_data   = NULL; 
     proto_tree *PROTOC_data_tree = NULL; 
     guint32 type = 0; 
     guint32 length = 0; 
     gint offset  = 0; 

     ti = proto_tree_add_item(tree, proto_PROTOC, tvb, 0, -1, ENC_NA); 
     proto_item_append_text(ti, ", Type: %s", 
      val_to_str(packet_type, packettypenames, "Unknown (0x%02x)")); 
     PROTOC_tree = proto_item_add_subtree(ti, ett_PROTOC); 

     //getting type 
     type = tvb_get_ntohl(tvb, offset); 
     proto_tree_add_item(PROTOC_tree, hf_PROTOC_pdu_type, tvb, 0, TYPE_SIZE, ENC_BIG_ENDIAN); 
     offset += TYPE_SIZE; 

     //getting length for the data length 
     length = tvb_get_ntohl(tvb, offset); 
     proto_tree_add_item(PROTOC_tree, hf_PROTOC_len, tvb, offset, LENGTH_SIZE, ENC_BIG_ENDIAN); 
     offset += LENGTH_SIZE; 
     proto_tree_add_item(PROTOC_tree, hf_PROTOC_contextid, tvb, offset, CONTEXT_ID_SIZE, ENC_BIG_ENDIAN); 
     offset += CONTEXT_ID_SIZE; 
     PROTOC_data = proto_tree_add_item(PROTOC_tree, hf_PROTOC_data, tvb, offset, length, FALSE); 
     PROTOC_data_tree = proto_item_add_subtree(PROTOC_data, ett_PROTOC_data); 
     offset += length; 

    } 
} 

回答

1

我發現其中包含幾個不同的/淡漠一個分組裏面的信息,

...

我重裝TCP數據包...

這對運行在TCP協議很常見的;不能保證TCP段的邊界將與在TCP之上運行的協議中的分組邊界相對應。 TCP段可以包含多個高級協議數據包的一部分或全部,並且高級協議數據包可以由來自多個TCP段的數據組成。