I intend to write a plugin using a heuristic dissector. I am using the eth heuristic dissector, and my protocol-relevant data will be part of the Ethernet payload, located at the end of the Ethernet payload. Now, in dissect_myproto, will the tree pointer directly/autonomously point to my protocol-relevant data when my dissector gets called, or will I have to manipulate it to point to my protocol-relevant data?

asked 05 Jun '12, 09:36 yogeshg
One Answer:
You need to read README.developer in the source tree. As discussed on your very similar question, tvb is a pointer to the buffer containing the data from the packet that you will dissect, pinfo is a pointer to lots of other information about the packet and tree is a pointer to the proto tree where you put the results of your dissection.

answered 05 Jun '12, 12:49 grahamb ♦
OK, my mistake. In my question, when I said "tree", I meant tvb. All this confusion has arisen due to call_dissector. Actually, my protocol-relevant data lies at the end of the Ethernet payload, so I am wondering: do I have to use call_dissector for eth first and then do my dissection?
Let me explain myself more. Earlier, my protocol-relevant data came first in the Ethernet payload, and I was dissecting it, followed by a call to the dissector for IP, e.g.:
ip_handle = find_dissector("ip");
call_dissector(ip_handle,....
But now my proto data is at the end of the Ethernet payload, so do I need to reverse this? Do I need to call_dissector for IP first and then do my dissection on my proto data? Hope I made myself clear this time.
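
An added example, not part of the original thread and not Wireshark code: plain C that finds the bytes left over after the IPv4 datagram in a frame, which is where data "at the end of the Ethernet payload" sits, and rejects length fields that do not fit the captured buffer. It assumes an untagged Ethernet II frame carrying IPv4; `find_eth_trailer` and `sample_frame` are hypothetical names, and the frame bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN 14u
#define IPV4_MIN_HDR 20u

/* Constructed sample: Ethernet II header, IPv4 datagram (total length 24),
 * then 4 trailing bytes standing in for the plugin's own data. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x18, 0x00,0x00,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x01,0x02,0x03,0x04,            /* IPv4 payload */
    0xa1,0xa2,0xa3,0xa4             /* trailing bytes */
};

/* Hypothetical helper: locate the bytes after the IPv4 datagram in an
 * untagged Ethernet II frame. Returns 0 and fills off/len, or -1 when the
 * frame is not IPv4 or its length fields do not fit the captured bytes. */
int find_eth_trailer(const uint8_t *frame, size_t frame_len,
                     size_t *off, size_t *len)
{
    if (!frame || !off || !len) return -1;
    if (frame_len < ETH_HDR_LEN + IPV4_MIN_HDR) return -1;
    if (frame[12] != 0x08 || frame[13] != 0x00) return -1;  /* EtherType IPv4 */

    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t payload_len = frame_len - ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];

    if ((ip[0] >> 4) != 4) return -1;
    /* Never trust the header: total length must cover the header and must
     * not run past the bytes actually captured. */
    if (ihl < IPV4_MIN_HDR || total < ihl || total > payload_len) return -1;

    *off = ETH_HDR_LEN + total;   /* first byte after the IP datagram */
    *len = payload_len - total;   /* 0 means there is no trailer */
    return 0;
}

int main(void)
{
    size_t off, len;
    if (find_eth_trailer(sample_frame, sizeof sample_frame, &off, &len) == 0)
        printf("trailer at offset %zu, %zu bytes\n", off, len);
    return 0;
}
```

Short frames are padded to the Ethernet minimum, so trailing bytes may be padding rather than protocol data; a heuristic dissector should validate the trailer's contents before claiming it.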