Wireshark-dev: [Wireshark-dev] Creating a TVB
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Paul Offord <Paul.Offord@xxxxxxxxxxxx>
Date: Wed, 28 Feb 2018 09:49:28 +0000

Hi,

 

I’m writing a dissector for a new block type.  I register a block read function for my new block type, and when Wireshark detects one of these blocks, my block read function is called with the following parameters:

 

gboolean tdb_read_block(FILE_T fh, guint32 block_data_len, gboolean c, wtapng_block_t *wtapng_block,   int *err, gchar **err_info)

 

This function then reads the block content like this:

 

    /* read block content */

    if (!wtap_read_bytes(fh, wtapng_block->frame_buffer->data, block_data_len, err, err_info)) {

        wmem_strdup_printf(wmem_file_scope(), "tdb_read_block: failed to read TDB");

        return FALSE;

    }

 

Later I need to parse the serialised data in wtapng_block->frame_buffer->data.  I have been writing my own accessors but I realised I am just duplicating existing TVB accessors.  I’ve looked through README.dissector which describes in detail how to use the TVB accessors, but not about creating a TVB.  There is a section on TVBUFF_SUBSET but that doesn’t seem relevant.

 

How do I get the block data into a TVB, preferably without having to copy it?

 

Thanks and regards…Paul

 


______________________________________________________________________

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________