Wireshark-dev: Re: [Wireshark-dev] Getting rid of unwanted payload-parts for next the dissector
Yves Geissbühler wrote:
I am working on a dissector for the MPA protocol (RFC 5044) which
runs on top of TCP. In some configurations, this protocol inserts so
called Markers (each 4 bytes long) every 512th octet relative to the
TCP sequence number of the first MPA FPDU.
I would like to remove these Markers from the MPA payload before it
is passed to the next dissector (DDP, RFC 5042). To assemble a Marker
free MPA payload I have used the procedures of tvbuff.c:
- next_tvb = tvb_new_composite()
- tvb_composite_append(...)
- tvb_composite_append(next_tvb, tvb_new_subset(tvb, start, end, end-
start))
- tvb_composite_finalize(next_tvb)
But the resulting new next_tvb buffer behaves weird in the next
dissector and is not usable.
Form previous mailinglist posts, I know that there are some issues
with these procedures. Are these problems still present or have I
made any mistake using them?
They're not used much, so nobody's taken the time to fix them.
Except for using these 'composite' procedures or mem copy are there
any other feasible solutions to get rid of unwanted parts in a payload?
It sounds as if MPA is similar to the record-marking scheme for ONC RPC
atop TCP; that uses copying as part of the reassembly process (and
you'll probably need to do the same kind of reassembly, etc.).
You might want to look at that part of packet-rpc.c, and handle MPA
similarly.
