On Wed, Feb 28, 2018 at 1:49 AM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:
> Hi,
>
> I’m writing a dissector for a new block type. I register a block read
> function for my new block type, and when Wireshark detects one of these
> blocks, my block read function is called with the following parameters:
>
> gboolean tdb_read_block(FILE_T fh, guint32 block_data_len, gboolean c,
> wtapng_block_t *wtapng_block, int *err, gchar **err_info)
>
> This function then reads the block content like this:
>
> /* read block content */
>
> if (!wtap_read_bytes(fh, wtapng_block->frame_buffer->data,
> block_data_len, err, err_info)) {
>
> wmem_strdup_printf(wmem_file_scope(), "tdb_read_block: failed to
> read TDB");
>
> return FALSE;
>
> }
>
> Later I need to parse the serialised data in
> wtapng_block->frame_buffer->data. I have been writing my own accessors but
> I realised I am just duplicating existing TVB accessors. I’ve looked
> through README.dissector which describes in detail how to use the TVB
> accessors, but not about creating a TVB. There is a section on
> TVBUFF_SUBSET but that doesn’t seem relevant.
>
> How do I get the block data into a TVB, preferably without having to copy
> it?
Do functions like tvb_new_subset* not work for you? Check existing dissectors.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
