Hi, What's wrong with tvb_new_subset() ?
Thanks, Jaap Beth wrote: > I am trying to rewrite an existing dissector for a proprietary protocol > that, in fact, is only a slight variation on a standard protocol that is > supported by a builtin Wireshark dissector. > > The proprietary frame begins with some special fields, followed by a > normal frame of the standard protocol BUT the checksum at the end of the > normal frame is recalculated to reflect the extra bytes at the > beginning. So while I can easily write a small dissector that parses > the initial extra fields (and have done so), I cannot simply pass the > rest of the buffer to the builtin dissector since then the checksum will > be wrong. > > My question is: What is the "right" way to fix that checksum in Wireshark? > > I've experimented with several strategies. The tvb_composite functions > would appear to be ideal, but I can't get them to work for some reason. > So at the moment I use tvb_memdup to put the data for the normal frame > into an array, fix the bytes of the checksum, and then use > tvb_new_real_data to create a new tvb to pass to the builtin > dissector. That strategy mostly works: the builtin dissector dissects > the right fields and doesn't complain about the checksum, but the > display isn't quite right. When I select a field in the display tree, > the wrong bytes are highlighted. I could fix that by figuring out what > internal field of the tvb (or packet_info) needs to be tweaked... but > the fact that I would have to do that tells me that maybe I'm not going > about this the right way. Generally whenever I find myself needing to > work around the Wireshark API, it means I'm using it wrong. ;) > > Those of you who are experienced Wireshark developers, what would you > suggest? > > Thanks, > b. > ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
