Re: How to create TVB to pass to dissector

[Guy Harris <guy () alum mit edu>]

On May 12, 2011, at 12:53 AM, Anders Broman wrote:

> I don't think you should modify the packet but find a way to call the H.225 dissector directly, at a glance this 
> seems to be done already
> for some case:
> Line 2895 call_dissector(h225_handle...

It's done already if:

        1) this is Q.931 "over IP" (where "over IP" is as defined in my previous message);

        2) there are at least 4 bytes available in the IE;

        3) the code set is 0;

        4) it's a user-user IE;
        
        5) the first octet past the IE length is 0x05, i.e. Q931_PROTOCOL_DISCRIMINATOR_ASN1, described as "X.208 and 
X.209 coded user information" (for which read "ASN.1 BER").

The problem in Alex Lindberg's case is presumably that the dissector doesn't think this is Q.931 "over IP", presumably 
because either

        1) it really *isn't* over IP;

        2) it is over IP, but it's not over TPKT or over SCTP with a PPI of 13.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe