Thread: Re Using char*'s Parsing Wireshark Dump

  1. #1
    Registered User
    Join Date
    Oct 2010
    Location
    Knoxville, Tennessee, United States
    Posts
    20

    Re Using char*'s Parsing Wireshark Dump

    Hello! I am making a program to parse Wireshark dump files. This is my first foray into C, but I am fairly experienced with C++. I am having some trouble with my character arrays.

    I am wanting to use two character arrays, one called "line" used to grab lines of text from the file, and the other "chunk" is a collection of these lines of text that is separated by the presence of the word "No." and will be passed to a function that a friend of mine is working on.

    I have so far tested my program on two dump files, and I have been testing my parsing by using printf to print the "chunk" to the screen before I call my friend's function. When I test the file "dump1" I get this output:

    Code:
    No.     Time        Source                Destination           Protocol Info
    
    ���������     65 16.033438   192.168.1.108         208.111.158.52        UDP      Source port: 50883  Destination port: 27017
    
    Frame 65: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
    Ethernet II, Src: HonHaiPr_d4:68:5a (0c:ee:e6:d4:68:5a), Dst: Netgear_a4:e2:38 (c4:3d:c7:a4:e2:38)
    Internet Protocol, Src: 192.168.1.108 (192.168.1.108), Dst: 208.111.158.52 (208.111.158.52)
    User Datagram Protocol, Src Port: 50883 (50883), Dst Port: 27017 (27017)
    Data (84 bytes)
    
    0000  56 53 30 31 30 00 07 04 00 16 00 00 00 3d d2 41   VS010........=.A
    0010  00 00 00 00 c8 00 00 00 01 00 00 00 00 00 00 00   ................
    0020  30 00 00 00 cd e9 61 4f b7 19 0c de 06 47 88 ad   0.....aO.....G..
    0030  4a 5a 4a 74 74 19 a2 06 48 58 1c 49 24 7a 3e 22   JZJtt...HX.I$z>"
    0040  56 d6 76 b1 55 23 30 47 cf 6c 9f d6 f7 d3 3f bf   V.v.U#0G.l....?.
    0050  6c 3e 11 e1                                       l>..
    Complete with the garbled characters on each frame I print out.

    Even worse, when I try and load in "dump2" I get an error about "double free", which leads me to believe that the cause of my error is the way that I am attempting to reuse my character arrays. My code with memory calls is shown below:

    Code:
    char * chunk;/*chunk of data to be passed to represent one packet  */
    char * line; /*designed to hold a line of input from dump file  */
    ..............................
    chunk = malloc(2500);/*2500 bytes is an oversized char* on purpose*/
    line = malloc(250);/*unsure of how many chars per line so so large again*/
    ..........................
    while(fgets(line,250,dump) != NULL){ /*reads file for generating array  */
        if(strstr(line,"No.") != NULL && first != 1){/*Controls reading into chunk by ID 'No.' in dump  */
            strcat(chunk,line);
            printf("%s\n",chunk);
            packetPointerArray[count] = newPacket(chunk);
            free(line);
            free(chunk);
            chunk = malloc(2500);
            line = malloc(250);
        }
        strcat(chunk,line);
        free(line);
        line = malloc(250);
        first = 0;/*not the first line of text  */
    }
    So the errors that I am trying to resolve, which I feel are related, deal with the garbled characters, and the double free error upon opening dump2. Would anyone have any advice about how to deal with these? Perhaps some advice on reusing char*'s?

    Thanks so much guys!

  2. #2
    and the Hat of Guessing tabstop's Avatar
    Join Date
    Nov 2007
    Posts
    14,336
    It looks like you are strcat'ing into chunk, but chunk is never initialized anywhere I can see so whatever happened to be there, you are keeping. The first time you probably want to strcpy.

    Does the packetPointerArray line store chunk somewhere? If so, then freeing it on the line after the line after that is a grave error.

    Also why you keep freeing line and re-mallocing I have no idea. The point of a buffer here is that you don't free and re-malloc, you just keep reading on top of it, then moving it (via strcat/strcpy) where you want it.

  3. #3
    Registered User
    Join Date
    Oct 2010
    Location
    Knoxville, Tennessee, United States
    Posts
    20
    Chunk is not stored anywhere after I pass it to "newPacket", so the error is not the memory being freed to a pointer that is stored elsewhere. What I am attempting to do is as follows:

    Read in the file line by line by storing each line into "line";
    After a line has been read, store it into "chunk";
    clear out "line" to make room for the next line;
    repeat until "chunk" has the appropriate data stored;
    Pass "chunk" to "newpacket" to strip the data off of it;
    clear out "chunk" so the cycle can continue until every packet has been processed.

    If I was using C++ I'd do something like the following, but I don't know if C strings work the same way.
    Code:
    string line;
    string chunk;
    vector<packet*> packets;
    .......
    while(!dump.eof()){
      getline(dump,line);
      chunk += line;
      line = "";
      if(first word of line == "No."){
        packets.push_back(newPacket(chunk));
        chunk = "";
      }
    }

  4. #4
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    No, C strings don't automatically grow and you can't concatenate with a simple + or +=. You need to keep track of the current length of chunk plus the length of the new line you read in and do a realloc in a loop, and copy the new line onto the end. Here's some pseudo code:
    Code:
    char line[2500];
    char *chunk = NULL, *temp;
    int chunk_len = 0, line_len;
    while fgets(line)
        temp = realloc current chunk_len + line_len + 1 for the null
        if temp is NULL
            quit with error
        chunk = temp;
        copy line onto the end of chunk
        increment chunk_len by line_len

  5. #5
    Registered User
    Join Date
    Oct 2010
    Location
    Knoxville, Tennessee, United States
    Posts
    20
    Would it be valid for me to initialize at the start of the program after I set the buffers and reset the char *'s in the loop by using:
    line = "";
    chunk = "";
    then that should enable me to use strcat, and get rid of me playing around with free and malloc without any of the errors associated with the garbage at the top of the output, correct?

  6. #6
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,665
    Well right after you call malloc, you should do this

    chunk[0] = '\0';

    So your strcat will append to an empty string.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  7. #7
    Registered User
    Join Date
    Oct 2010
    Location
    Knoxville, Tennessee, United States
    Posts
    20
    Thanks for the help guys! I will be sure to let you guys know what happens either way!

  8. #8
    Ultraviolence Connoisseur
    Join Date
    Mar 2004
    Posts
    555
    You will need to consider certain possibilities:

    What if I read more data past the end of No.?
    Such as you read in "blahblahNo.blahblah2N" now you have 1 packet
    and a partial of another...currently you are discarding what you read
    after the first No. you see

    What If I read into my buffer and I only get part of the "No." I am looking for?
    I.e. I read in "blah blahN" and then the next buffer reads "o. some other data here"; this prevents the strstr() call from succeeding on your buffer since it doesn't contain the whole "No."... Only solution I see to that is looking from the end of your dynamic string
    for "No." on each iteration (which sucks); this is a lot easier if you end a string with a SINGLE character instead of a string

    To do this successfully you will likely need to use an internal static buffer. Plus a static int to keep track of where you are in the buffer. That way if you read No. plus some more data after it, you just copy up to the No. into the returned string and then set the buffer position to right after the No.. The next call then begins copying from the current buffer position.

  9. #9
    Registered User
    Join Date
    Oct 2010
    Location
    Knoxville, Tennessee, United States
    Posts
    20
    What if instead of using substr, I was to check index 0,1,2, and 3 for the pattern "N" "o" "." " "? I think that would take care of 99% of cases, and parsing isn't in nature always perfect, is it?

  10. #10
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,665
    strncmp at the start of a line is more efficient (and more specific) than strstr().
    Using strstr() would also pick up "No." within the ASCII data dump part of the input text.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
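Added example, not code from any poster in this thread: the advice in posts #2, #4, #6, #8 and #10 combined into one C routine that reuses a single line buffer, grows the chunk with realloc, frees it exactly once, and only treats "No." as a packet header at the start of a real line. The names `append`, `split_dump`, `record`, `split_text` and `SAMPLE` are hypothetical; `record` stands in for the thread's `newPacket`, and the sample dump is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Grow *buf with realloc and append s; *buf stays valid if realloc fails. */
static int append(char **buf, size_t *len, const char *s) {
    size_t n = strlen(s);
    char *tmp = realloc(*buf, *len + n + 1);      /* +1 for the '\0' */
    if (tmp == NULL) return -1;
    memcpy(tmp + *len, s, n + 1);                 /* copies the '\0' too */
    *buf = tmp; *len += n;
    return 0;
}

/* Emits one block per line that starts with "No." in column 0; returns the count or -1 (OOM). */
int split_dump(FILE *dump, void (*emit)(const char *pkt)) {
    char line[64];                  /* one buffer, reused by every fgets */
    char *chunk = NULL;
    size_t len = 0;
    int count = 0, line_start = 1;
    while (fgets(line, sizeof line, dump) != NULL) {
        if (line_start && len > 0 && strncmp(line, "No.", 3) == 0) {
            emit(chunk); count++;   /* previous packet is complete */
            len = 0;                /* reset the length; no free mid-loop */
        }
        if (append(&chunk, &len, line) != 0) { free(chunk); return -1; }
        line_start = strchr(line, '\n') != NULL;  /* no '\n' means a partial line */
    }
    if (len > 0) { emit(chunk); count++; }        /* last block has no next header */
    free(chunk);                    /* freed exactly once */
    return count;
}

/* Constructed sample: packet 1's ASCII pane contains "No." mid-line. */
static const char SAMPLE[] =
    "No.     Time        Source\n     65 16.033438   192.168.1.108\n"
    "0000  4e 6f 2e 20 56 53 30 31   No. VS01\n"
    "No.     Time        Source\n     66 16.040000   192.168.1.108\n";
static size_t pkt_len[8], pkt_seen; /* what the newPacket stand-in received */
static void record(const char *pkt) { if (pkt_seen < 8) pkt_len[pkt_seen++] = strlen(pkt); }
int split_text(const char *text) {  /* driver: feed a string via a temp file */
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    pkt_seen = 0; fputs(text, f); rewind(f);
    int n = split_dump(f, record);
    fclose(f);
    return n;
}
int main(void) { printf("%d packets\n", split_text(SAMPLE)); return 0; }
```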
