Re: Decompress Data

[Max Dmitrichenko <dmitrmax () gmail com>]

2011/10/7 Marcel Haas <inf462 () fh-worms de>:
> And i have the next problem. Damn wireshark kick my ass :)
>
> I have some packets witch are compress witz zlib.
> I want to uncompress them.
> I read the dev-guid about transformed data but i dont have a clue.
> I were testing some stuff but with no good result.
> Can someone help me with that ?

It is simple.
1) You have to know the size of decompressed data, e.g. in buffer_size variable.
2) Alloc the buffer of needed size for it using e.g. se_alloc, e.g.
you have pointer to alloced buffer called buffer_ptr.
3) Decompress you data into that buffer.
4) call
     child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr,
buffer_size, buffer_size);
5) call
     add_new_data_source(pinfo, child_tvb, "Decompressed Data");
6*) Optionally you can dissect child_tvb as any usual TVB.

In the GUI you'll get the decompressed data into another tab called
"Decompressed Data" or any other name you provide in step 5.

--
  Max
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe