Re: Creating a TVB

[Richard Sharpe <realrichardsharpe () gmail com>]

On Wed, Feb 28, 2018 at 1:49 AM, Paul Offord <Paul.Offord () advance7 com> wrote:
> Hi,
>
> I’m writing a dissector for a new block type.  I register a block read
> function for my new block type, and when Wireshark detects one of these
> blocks, my block read function is called with the following parameters:
>
> gboolean tdb_read_block(FILE_T fh, guint32 block_data_len, gboolean c,
> wtapng_block_t *wtapng_block,   int *err, gchar **err_info)
>
> This function then reads the block content like this:
>
>     /* read block content */
>
>     if (!wtap_read_bytes(fh, wtapng_block->frame_buffer->data,
> block_data_len, err, err_info)) {
>
>         wmem_strdup_printf(wmem_file_scope(), "tdb_read_block: failed to
> read TDB");
>
>         return FALSE;
>
>     }
>
> Later I need to parse the serialised data in
> wtapng_block->frame_buffer->data.  I have been writing my own accessors but
> I realised I am just duplicating existing TVB accessors.  I’ve looked
> through README.dissector which describes in detail how to use the TVB
> accessors, but not about creating a TVB.  There is a section on
> TVBUFF_SUBSET but that doesn’t seem relevant.
>
> How do I get the block data into a TVB, preferably without having to copy
> it?

Do functions like tvb_new_subset* not work for you? Check existing dissectors.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe