I am using eth heuristic dissector and my protocol relevant data will be part of ethernet payload and located at the end of ethernet payload. Now in dissect_myproto , the tvb pointer will directly/autonomously point to my protocol relevant data when my dissector gets called or i will have to manipulate it to point to my protocol relevant data and if yes then how ? ..
earlier my protocol relevant data was coming first thing in ethernet payload and i was dissecting it followed by call to call_dissector for ip for eg. :-
call_dissector(ip_handle,.... (inside diseector function) .. where ip_handle is ip_handle = find_dissector("ip");(inside reg_handoff)
But now my protocol relevant data is at end of eth payload so if i call call_dissector first for "eth" and then do my dissection , will it work ?
asked 05 Jun '12, 19:59
The Ethernet dissector has an eth.trailer subdissector list which you can use. Have a look at the Ethernet dissector how this is called.
answered 06 Jun '12, 01:14