Hi everyone,
I'm looking at doing what 'decode as' does, but directly in code:
User provides a buffer and a protocol to use, and the code would perform the
parsing and end up with an epan_dissect_t that contains the parsed information.
I understand there might be limitations as to which dissectors allow doing
'decode as', but assuming I restrict myself to the 'supported' protocols for
this, how do I even do the setup to perform that parsing?
I already have all the code (see below) to take a raw data buffer and parse it,
I just can't figure out how to tell the code "start dissecting using protocol
X" and the code in decode_as_dialog.cpp wasn't clear to me.
Any pointers?
Here's how I'm parsing raw buffers (assuming they start at Ethernet):
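
    /* stFrameData (frame_data) and pstEpanDissect (epan_dissect_t *)
       are declared elsewhere. */
    struct wtap_pkthdr stHeader;

    /* Describe the raw buffer as one fully captured Ethernet packet. */
    memset(&stHeader, 0, sizeof (stHeader));
    stHeader.rec_type = REC_TYPE_PACKET;
    stHeader.caplen = poFrameData->GetLength();
    stHeader.len = poFrameData->GetLength();
    stHeader.pkt_encap = WTAP_ENCAP_ETHERNET;
    stHeader.presence_flags = WTAP_HAS_TS | WTAP_HAS_CAP_LEN;

    frame_data_init(&stFrameData, m_qwFrameCount, &stHeader, 0, 0);

    /* Wrap the payload in a tvbuff and dissect it from the encapsulation
       set in the header (no column info requested). */
    epan_dissect_run(pstEpanDissect, WTAP_FILE_TYPE_SUBTYPE_UNKNOWN,
                     &stHeader,
                     tvb_new_real_data(poFrameData->GetPayload(),
                                       poFrameData->GetLength(),
                                       poFrameData->GetLength()),
                     &stFrameData, NULL);
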
Thanks,
Hassan
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev