On Fri, 7 Oct 2011 13:21:15 +0200, [email protected] wrote:
I have a example from my plugin if it may help:
unsigned char Ip_Buffer[2000];
/* Get the buffer bytes to decompress */
tvb_memcpy(tvb, Ip_Buffer, (*bitoffset)/8,lgpdubit/8);
/*
* Decompress it:
* Decompressed buffer is output in Op_Buffer,
* size of the decompressed buffer (in bit in this case) in
SizeInBits */
*/
rc = decompress(Ip_Buffer, lgpdubit - ((8-bitnb) % 8), &(Op_Buffer),
&O_SizeInBits);
/* Now re-setup the tvb buffer to have the new data */
next_tvb = tvb_new_real_data(Op_Buffer, O_SizeInBits/8,
O_SizeInBits/8);
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
add_new_data_source(pInfoG, next_tvb, "Decompressed Data");
/* From here dissect next_tvb from offset 0 */
Where u get the decompress function and what type does rc have .. ?
On Fri, 7 Oct 2011 13:51:13 +0400, Max Dmitrichenko
<[email protected]> wrote:
2011/10/7 Marcel Haas <[email protected]>:
And i have the next problem. Damn wireshark kick my ass :)
I have some packets witch are compress witz zlib.
I want to uncompress them.
I read the dev-guid about transformed data but i dont have a clue.
I were testing some stuff but with no good result.
Can someone help me with that ?
It is simple.
1) You have to know the size of decompressed data, e.g. in
buffer_size variable.
2) Alloc the buffer of needed size for it using e.g. se_alloc, e.g.
you have pointer to alloced buffer called buffer_ptr.
3) Decompress you data into that buffer.
4) call
child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr,
buffer_size, buffer_size);
5) call
add_new_data_source(pinfo, child_tvb, "Decompressed Data");
6*) Optionally you can dissect child_tvb as any usual TVB.
In the GUI you'll get the decompressed data into another tab called
"Decompressed Data" or any other name you provide in step 5.
--
Max
___________________________________________________________________________
Sent via: Wireshark-dev mailing list
<[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
hmm i dont get it at all .. my code looks like this :
guint8 *buff;
tvbuff_t *compress_tvb;
int captured_size;
captured_size=tvb_length_remaining(tvb, offset2); //I think that
what u
mean by 1
buff= g_malloc(captured_size); // step 2 ?
compress_tvb=tvb_new_real_data(buff,captured_size,captured_size);//
step 4 ?
tvb_set_free_cb(compress_tvb,g_free); //
step
4 ?
tvb_set_child_real_data_tvbuff(tvb,compress_tvb); //
step
4 ?
add_new_data_source(pinfo,compress_tvb,"Decompressed TVB"); //step
5
___________________________________________________________________________
Sent via: Wireshark-dev mailing list
<[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
