Wireshark mailing list archives

Re: Add computed bytes of different length


From: Anders Broman <anders.broman () ericsson com>
Date: Wed, 4 Jun 2014 14:24:30 +0000



-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Kevin Cox
Sent: den 4 juni 2014 16:09
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Add computed bytes of different length

Hello,

Please forgive me if I am missing something obvious. I am trying to add some computed bytes to the proto_tree and wish them to be filterable.
However, the proto_tree_add_bytes and similar functions only have one length argument that is used for both the tvb and the value pointer.
The problem is that my bytestring is not directly from the tvb and is a different length. I was wondering how I could add this to the tree.

Currently I see only the following options:
- Add it with the correct length for the value and have the output show the string coming from the wrong place in the packet. This also has the problem that I can extend past the end of the tvb possibly raising exceptions.
- Use a FT_NONE and don't add the value byte string. However this removes the option of filtering on the value of the field.

Any advice would be appreciated,
Kevin

One option is to read the bytes from the tvb to a buffer, manipulate the bytes, make a new tvb with the manipulated bytes in the buffer, and then dissect that new tvb.
Like uncompressing something and then dissecting the content of the uncompressed result. If it's just a few bytes that may not be feasible I suppose.
If the encoded stuff really is a string "string coming from the wrong place in the packet" you might want to add a new string encoding type and add it as a string with ENC_MY_STRING_ENCODING.


Regards
Anders
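
The new-tvb approach suggested in the reply, as an added example that is not part of the original thread. It uses Wireshark's Lua API rather than the C functions discussed above; the `rledemo` protocol, its field names, UDP port 47000 and the (count, value) run-length format are constructed for illustration.

```lua
-- Added example, not from the thread. "rledemo", its field names, UDP port
-- 47000 and the (count, value) run-length format are all constructed.
local rledemo   = Proto("rledemo", "RLE Demo (constructed protocol)")
local f_encoded = ProtoField.bytes("rledemo.encoded", "Encoded payload")
local f_decoded = ProtoField.bytes("rledemo.decoded", "Decoded payload")
rledemo.fields  = { f_encoded, f_decoded }

local MAX_DECODED = 4096  -- cap the computed buffer so a hostile packet cannot balloon it

-- Expand (count, value) byte pairs into a ByteArray; returns nil on bad input.
local function rle_expand(range)
    local n = range:len()
    if n == 0 or n % 2 ~= 0 then return nil end
    local total = 0
    for i = 0, n - 2, 2 do
        total = total + range:range(i, 1):uint()
    end
    if total == 0 or total > MAX_DECODED then return nil end
    local out = ByteArray.new()
    out:set_size(total)               -- zero-filled, then overwritten below
    local pos = 0
    for i = 0, n - 2, 2 do
        local value = range:range(i + 1, 1):uint()
        for _ = 1, range:range(i, 1):uint() do
            out:set_index(pos, value)
            pos = pos + 1
        end
    end
    return out
end

function rledemo.dissector(tvb, pinfo, tree)
    if tvb:len() == 0 then return 0 end
    pinfo.cols.protocol = "RLEDEMO"
    local subtree = tree:add(rledemo, tvb:range())
    subtree:add(f_encoded, tvb:range())
    local decoded = rle_expand(tvb:range())
    if not decoded then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR, "Bad or oversized RLE payload")
        return
    end
    -- The computed bytes get their own tvb (shown as a new data source tab), so
    -- the field's offset and length refer to real data, not the packet tvb.
    local decoded_tvb = decoded:tvb("Decoded RLE data")
    subtree:add(f_decoded, decoded_tvb:range())
end

DissectorTable.get("udp.port"):add(47000, rledemo)
```

Because `rledemo.decoded` is backed by its own tvb, its length never has to match the packet bytes and it stays filterable. In a C dissector the corresponding calls are `tvb_new_child_real_data()` followed by `add_new_data_source()`.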