Wireshark · Wireshark-dev: [Wireshark-dev] Issue with tvbuff_t

[Varun Gupta <varun.gupta@xxxxxxxxxxx>]

Hi All,

 

I am writing a new dissector (similar to SDP, occurs as payload in SIP message), where I get a tvbuff_t* in my proto dissect function from the wireshark. Now somehow my requirement is such that I need to take all the content part from this tvbuff_t* using tvb_get_ptr(). And then perform some decoding on this payload and form a new tvbuff_t* object using tvb_new_real_data() function. And use this new tvbuff_t* object in all my proto_tree_add_text() function calls. So in a nutshell I am not using the same tvbuff_t* that I got in dissect_proto() function from wireshark in protocol tree creation functions. Now I have two questions:

 

1. While creating a new tvbuff_t* I do not know what kind of tvb_type I am using so that I could create a new tvbuff_t* of same type (SUBSET, REALDATA, COMPOSITE). How can I find that?

2. Is it OK to use a self created (not the original) tvbuff_t* in the calls to proto_tree_add_text(), will this work perfect?

 

I am new to wireshark dissector development; please help me in resolving these issues.

 

Thanks,

Varun

---

"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."