Wireshark mailing list archives
Re: Add computed bytes of different length
From: Kevin Cox <kevincox () kevincox ca>
Date: Wed, 04 Jun 2014 12:12:27 -0400
On 04/06/14 10:24, Anders Broman wrote:
> One option is to read the bytes from the tvb to a buffer, manipulate the bytes, make a new tvb with the manipulated bytes in the buffer, and then dissect that new tvb. Like uncompressing something and then dissecting the content of the uncompressed result. If it's just a few bytes that may not be feasible, I suppose.
I tried this using tvb_new_child_real_data but the highlighted area in Wireshark seemed to be the first n bytes of the parent tvb. I don't know how to link it back to where the data actually came from.
> If the encoded stuff really is a string "string coming from the wrong place in the packet" you might want to add a new string encoding type and add it as a string with ENC_MY_STRING_ENCODING.
This is possible but I'm not sure it would be ideal. I will explain my use case a bit more.
I have a "blob" type in my protocol that has some metadata such as length and type, and I want to create a generic parser function that can be used from multiple locations in my protocol. I'm thinking that the ideal output would contain a parent item of a type passed into my function. This would have the value of the blob content so it can be filtered on. However, I want it to highlight the whole source of the blob in the "packet view". Then this item would have expert children such as length, type and data which would point to the actual pieces inside the structure.
I can get most of this using an FT_NONE or text item with custom formatting, however that will leave me unable to filter the field. Is this the best approach? Or would a different method be better?
I did a similar dissection of a string and am very pleased with the output, however because the source and value lengths are tied together for bytes objects I don't know how to implement it.
Thanks,
Kevin
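The item layout described in the message above, modelled as stand-alone C (an added example, not code from the thread or from Wireshark): each item records the packet span to highlight separately from its computed value, so the two lengths can differ. The blob layout (1-byte type, 1-byte length, ASCII-hex data) and every name here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a tree item: the highlighted source span and the
 * filterable value are stored separately, so their lengths may differ. */
typedef struct {
    size_t  src_off, src_len;  /* span highlighted in the packet bytes */
    uint8_t value[32];         /* computed value shown and filtered on */
    size_t  value_len;
} item_t;

typedef struct { item_t blob, type, length, data; } blob_items_t;

static int hex_nibble(uint8_t c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Assumed blob layout (constructed for this example):
 *   type (1 byte) | length (1 byte) | `length` bytes of ASCII hex.
 * Returns the number of bytes consumed, or -1 if the blob is malformed
 * (in which case *out must not be used). */
long dissect_blob(const uint8_t *pkt, size_t pkt_len, size_t off, blob_items_t *out)
{
    if (off > pkt_len || pkt_len - off < 2) return -1;   /* header truncated */
    size_t len = pkt[off + 1];
    if (len > pkt_len - off - 2) return -1;              /* length runs past the packet */
    if (len % 2 != 0 || len / 2 > sizeof out->blob.value) return -1;

    /* Parent: highlights the whole blob, value is the decoded content. */
    item_t *b = &out->blob;
    b->src_off = off;  b->src_len = 2 + len;  b->value_len = len / 2;
    for (size_t i = 0; i < len / 2; i++) {
        int hi = hex_nibble(pkt[off + 2 + 2 * i]);
        int lo = hex_nibble(pkt[off + 3 + 2 * i]);
        if (hi < 0 || lo < 0) return -1;
        b->value[i] = (uint8_t)(hi << 4 | lo);
    }
    /* Children point at the actual pieces inside the structure. */
    out->type   = (item_t){ .src_off = off,     .src_len = 1, .value = { pkt[off] },     .value_len = 1 };
    out->length = (item_t){ .src_off = off + 1, .src_len = 1, .value = { (uint8_t)len }, .value_len = 1 };
    out->data   = (item_t){ .src_off = off + 2, .src_len = len, .value_len = 0 }; /* raw span only */
    return (long)(2 + len);
}
```

The length field is checked against the bytes actually remaining before anything is decoded, since the blob comes from untrusted packet data.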