Wireshark-dev: Re: [Wireshark-dev] Parsing variable length protocol trailer
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Tue, 27 Apr 2010 18:01:16 -0400

For those types of dissectors called in that manner, I don’t know of any way directly to tell how many bytes were dissected, but you could have the calling dissector initialize a pinfo->private_data struct that contains a “number of bytes dissected” field initialized to zero.  Before the subdissector returns from the dissector_try_port/heuristic call, it can set that field to the actual number of bytes it was able to dissect, thus the caller can easily determine how many bytes remain.  And if this information is useful enough, then maybe a dedicated field is added to the packet_info struct for that purpose rather than using the private_data.

 

I don’t know, maybe there’s another easier & better way, but that’s one potential solution that comes to mind.

- Chris

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Edgar, Thomas
Sent: Tuesday, April 27, 2010 3:22 PM
To: 'wireshark-dev@xxxxxxxxxxxxx'
Subject: [Wireshark-dev] Parsing variable length protocol trailer

 

I have a variable length protocol trailer (which is only known by the end devices) to parse and there is no way to figure it out during the framing process.  Is there a way to determine how many bytes the subdissectors actually used or how many bytes are left unused after a return from dissector_try_port/heuristic?  Is there something in the tvbuff, packet_info, or proto_tree structures that would work?

 

Thanks,

 

Thomas W. Edgar

 

 

 

 

CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.