Re: Creating a TVB

[Roland Knall <rknall () gmail com>]

Hi Paul

Seems you have to create your own tvb chain here, as the data most likely
is not presented yet in the packet_info structure, am I correct?

In this case, the corresponding methods would be in epan/tvbuff-int.h, but
those are not supposed to be used "by the public", as they are subject to
change.

I would go a different route though (admittedly a little bit of a hack). I
would create a new tvb with tvb_memdup on the first byte of your protocol
tvb, and then add the block data via tvb_new_real_data. In that case you
have the luxury of the wmem system, as well as a good cleanup of the tvb.

cheers
Roland

On Wed, Feb 28, 2018 at 10:49 AM, Paul Offord <Paul.Offord () advance7 com>
wrote:

> Hi,
>
>
>
> I’m writing a dissector for a new block type.  I register a block read
> function for my new block type, and when Wireshark detects one of these
> blocks, my block read function is called with the following parameters:
>
>
>
> gboolean tdb_read_block(FILE_T fh, guint32 block_data_len, gboolean c,
> wtapng_block_t *wtapng_block,   int *err, gchar **err_info)
>
>
>
> This function then reads the block content like this:
>
>
>
>     /* read block content */
>
>     if (!wtap_read_bytes(fh, wtapng_block->frame_buffer->data,
> block_data_len, err, err_info)) {
>
>         wmem_strdup_printf(wmem_file_scope(), "tdb_read_block: failed to
> read TDB");
>
>         return FALSE;
>
>     }
>
>
>
> Later I need to parse the serialised data in wtapng_block->frame_buffer->data.
> I have been writing my own accessors but I realised I am just duplicating
> existing TVB accessors.  I’ve looked through README.dissector which
> describes in detail how to use the TVB accessors, but not about creating a
> TVB.  There is a section on TVBUFF_SUBSET but that doesn’t seem relevant.
>
>
>
> How do I get the block data into a TVB, preferably without having to copy
> it?
>
>
>
> Thanks and regards…Paul
>
>
>
> ______________________________________________________________________
>
> This message contains confidential information and is intended only for
> the individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system.
>
> Any views or opinions expressed are solely those of the author and do not
> necessarily represent those of Advance Seven Ltd. E-mail transmission
> cannot be guaranteed to be secure or error-free as information could be
> intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
> contain viruses. The sender therefore does not accept liability for any
> errors or omissions in the contents of this message, which arise as a
> result of e-mail transmission.
>
> Advance Seven Ltd. Registered in England & Wales numbered 2373877 at
> Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
>
> ____________________________________________________________
> _______________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=
> unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe