Wireshark-dev: [Wireshark-dev] Getting rid of unwanted payload-parts for next the dissector
Hi all
I am working on a dissector for the MPA protocol (RFC 5044) which
runs on top of TCP. In some configurations, this protocol inserts so
called Markers (each 4 bytes long) every 512th octet relative to the
TCP sequence number of the first MPA FPDU.
I would like to remove these Markers from the MPA payload before it
is passed to the next dissector (DDP, RFC 5042). To assemble a Marker
free MPA payload I have used the procedures of tvbuff.c:
- next_tvb = tvb_new_composite()
- tvb_composite_append(...)
- tvb_composite_append(next_tvb, tvb_new_subset(tvb, start, end, end-
start))
- tvb_composite_finalize(next_tvb)
But the resulting new next_tvb buffer behaves weird in the next
dissector and is not usable.
Form previous mailinglist posts, I know that there are some issues
with these procedures. Are these problems still present or have I
made any mistake using them?
Except for using these 'composite' procedures or mem copy are there
any other feasible solutions to get rid of unwanted parts in a payload?
Having these Markers still present in the MPA payload requires extra
code in my DDP dissector to deal with it. By chance, it is possible
that a Marker is located somewhere within the DDP header.
Thanks you for any suggestions.
- Yves