I intend to write a plugin using heuristic dissector.I am using eth heuristic dissector and my protocol relevant data will be part of ethernet payload and located at the end of ethernet payload.Now in dissect_myproto , the tree pointer will directly/autonomously point to my protocol relevant data when my dissector gets called or i will have to manipulate it to point to my protocol relevant data ?
asked 05 Jun '12, 09:36
You need to read README.developer in the source tree.
As discussed on your very similar question, tvb is a pointer to the buffer containing the data from the packet that you will dissect, pinfo is a pointer to lots of other information about the packet and tree is a pointer to the proto tree where you put the results of your dissection.
answered 05 Jun '12, 12:49