
tvb_get_letohs() or tvb_get_bits16() is not working properly on Ubuntu (little endian machine)


Hi,

We are migrating the code of one of our existing plugins from Wireshark 1x to Wireshark 2x. We have used tvb_get_ntohs() in the existing code, but it looks like it is invalid in 2x, so we tried to replace it with tvb_get_bits16()/tvb_get_letohs(), but it is not able to read 2 bytes of data properly.

Example:

    dissect()
    {
        case NRACH_INDICATION:
        {
            // length = tvb_get_ntohs(tvb, offset); // this is 1x code
            length = tvb_get_bits16(tvb, offset, 16, ENC_LITTLE_ENDIAN);
            // or: length = tvb_get_letohs(tvb, offset);
        }
    }

Please let me know what the issue is with the above API calls.

updated 2018-11-27 04:34:44 +0000

1 Answer


Hi, a call to tvb_get_ntohs() reads 2 bytes in big endian order, while a call to tvb_get_letohs() reads 2 bytes in little endian order. Both are working as designed, you simply need to know when to use each one (otherwise you get bytes swapped compared to what you would expect). The tvb_get_ntohs() function still exists in the 2.x source code and is used in many places (more than 47 calls in our current code base), so I wonder why you say it is invalid.

Pascal Quantin
answered 2018-11-27 08:21:21 +0000
grahamb
updated 2018-11-27 11:06:18 +0000

Comments

Hi,

I am using a little endian based machine, i.e. I assume that tvb_get_ntohs() shouldn't be called. Is my assumption correct? If my assumption is invalid, then let me know when tvb_get_ntohs() can be used on little endian based machines.

When I try to read 2 bytes from the buffer using tvb_get_letohs()/tvb_get_bits16(), it is giving some junk values.

Kuru4634 (2018-11-27 09:20:23 +0000)

What matters is not the endianness of your machine, but the byte order of your protocol. So if the bytes in your protocol are in network order (which seems to be the case), you must use tvb_get_ntohs(). BTW, in case you have not read them yet, I strongly advise you to read the various documents found in the doc folder.

Pascal Quantin (2018-11-27 09:22:41 +0000)

Thanks for your reply. In my case, I am getting errors due to an invalid length field value. tvb_get_ntohs(tvb, offset) didn't provide me a valid length field, so I tried to use tvb_get_bits16/tvb_get_letohs, but that also didn't help. BTW, tvb_get_ntohs(tvb, offset) in version 1.12.8 did give the correct length field value.

Kuru4634 (2018-11-27 11:14:33 +0000)

This API was not changed between both versions, as you can see if you check the epan/tvbuff.h file. Both are defined as:

WS_DLL_PUBLIC guint16 tvb_get_ntohs(tvbuff_t *tvb, const gint offset);

I do not know what your error is exactly, as you did not share the info, but for sure it is not this function that changed.

Pascal Quantin (2018-11-27 13:15:21 +0000)

I tried to share an image with the error details; however, this site is not allowing me to post an image. I would appreciate it if you could share your email ID so I can contact you regarding the same.

Kuru4634 (2018-12-03 08:51:47 +0000)
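
The byte-order point from the answer above, as an added example that is not part of the original thread and is not Wireshark code: the same two bytes of a length field decoded in both orders, with a check of the result against the bytes that remain. The helpers `read_be16`, `read_le16` and `length_is_valid` and the sample message are constructed for illustration; the helpers only mirror the byte order that tvb_get_ntohs() and tvb_get_letohs() decode.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 1-byte message type, 2-byte length in network
 * (big-endian) order, then 5 payload bytes. Not taken from the plugin. */
static const uint8_t sample_msg[] = { 0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };

/* Big-endian 16-bit read: the byte order tvb_get_ntohs() decodes.
 * Returns 0 on success, -1 if the read would run past the buffer. */
static int read_be16(const uint8_t *buf, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2)
        return -1;
    *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    return 0;
}

/* Little-endian 16-bit read: the byte order tvb_get_letohs() decodes. */
static int read_le16(const uint8_t *buf, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2)
        return -1;
    *out = (uint16_t)(buf[off] | (buf[off + 1] << 8));
    return 0;
}

/* A decoded length is usable only if that many payload bytes remain. */
static int length_is_valid(uint16_t length, size_t len, size_t payload_off)
{
    return payload_off <= len && length <= len - payload_off;
}

int main(void)
{
    uint16_t be = 0, le = 0;
    size_t n = sizeof sample_msg;

    if (read_be16(sample_msg, n, 1, &be) || read_le16(sample_msg, n, 1, &le))
        return 1;
    /* Both results depend only on the bytes on the wire, not on the host CPU. */
    printf("big-endian    length = %u, valid = %d\n", (unsigned)be, length_is_valid(be, n, 3));
    printf("little-endian length = %u, valid = %d\n", (unsigned)le, length_is_valid(le, n, 3));
    return 0;
}
```

Validating a decoded length against the remaining buffer before using it turns a byte-order mistake into an immediate, visible parse error instead of a read driven by a junk value.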