Wireshark mailing list archives
Need advice on modifying tvb
From: Beth <beth.tridium () gmail com>
Date: Tue, 24 Nov 2009 14:42:19 -0500
I am trying to rewrite an existing dissector for a proprietary protocol that, in fact, is only a slight variation on a standard protocol that is supported by a builtin Wireshark dissector. The proprietary frame begins with some special fields, followed by a normal frame of the standard protocol BUT the checksum at the end of the normal frame is recalculated to reflect the extra bytes at the beginning. So while I can easily write a small dissector that parses the initial extra fields (and have done so), I cannot simply pass the rest of the buffer to the builtin dissector since then the checksum will be wrong.

My question is: What is the "right" way to fix that checksum in Wireshark?

I've experimented with several strategies. The tvb_composite functions would appear to be ideal, but I can't get them to work for some reason. So at the moment I use tvb_memdup to put the data for the normal frame into an array, fix the bytes of the checksum, and then use tvb_new_real_data to create a new tvb to pass to the builtin dissector.

That strategy mostly works: the builtin dissector dissects the right fields and doesn't complain about the checksum, but the display isn't quite right. When I select a field in the display tree, the wrong bytes are highlighted. I could fix that by figuring out what internal field of the tvb (or packet_info) needs to be tweaked... but the fact that I would have to do that tells me that maybe I'm not going about this the right way. Generally whenever I find myself needing to work around the Wireshark API, it means I'm using it wrong. ;)

Those of you who are experienced Wireshark developers, what would you suggest?

Thanks,
b.