This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi all, I'm changing source code of packet-data.c of wireshark for some specific purposes. In my scenario, I have to replace all data of a tvb with new data so that I use this one:

tvb = tvb_new_real_data(real_data_sonnh,bytes+nSccp_length+6,bytes+nSccp_length+6);

where real_data_sonnh is a pointer to my new data. But I realize that by doing this, the old data of tvb still exists and cannot be free when wireshark is running. My question is:

  • How can I replace the old data of tvb and make sure that this data is free when I use tvb_new_real_data for the new data?

Please help if you have any experience? Thank you so much.

asked 07 Dec '14, 18:23

hoangsonk49's gravatar image

hoangsonk49
81282933
accept rate: 28%

edited 08 Dec '14, 01:16


Let me ask you another question: Do you see a dissector free its passed in TVB? The answer is: no. Consider the TVB that's handed to the dissector as an object owned by the dissection engine, which will handle its deallocation when it goes out of scope.

What you should worry about is freeing the new TVB you create. That is a TVB you own and the dissection engine doesn't know about.

permanent link

answered 08 Dec '14, 00:50

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Hi Jaap, I don't want to create any TVB new. I just need to change some values and apply this change to the current TVB before it is going through the dissector. I'm not familiar with tvb allocation and deallocation, so that I tried to use

tvb = tvb_new_real_data(real_data_sonnh,bytes+nSccp_length+6,bytes+nSccp_length+6);

where tvb is the current tvb, real_data_sonnh is the pointer to the new data in order to make tvb has the new values. My question is: - If I use this code, do I need to free anything ? - is it better to create a new tvb with the new data and put it to the dissector instead of replacing the current tvb with a new data?

Thanks for your help.

(08 Dec '14, 01:22) hoangsonk49
  • You probably shouldn't modyfy packet-data.c but rather the caller of that dissector.
  • A tvb is supposed to contain the content of the packet and there shouldn't be any need to modify it unless the content is "packed" in some way and needs some sort of "deflating/decryption" to show the un packed content.
  • If you add new real data to a tvb you can set the function to be used when the dissection engine decides to free the tvb with tvb_set_free_cb() see sigcomp-udvm.c for example.
(08 Dec '14, 04:11) Anders ♦

Hi Anders, you are right. I don't want to modify packet-data.c and the data of tvb but I must do this because the content is packed and it must be decoded before going through the dissector.

About using tvb_set_free_cb(), I see it is used for tvb_new_child_real_data in most cases but not sure it could be used for tvb_new_real_data

tvb = tvb_new_real_data(real_data_sonnh,bytes+nSccp_length+6,bytes+nSccp_length+6);

Also, if I use tvb_new_real_data to replace some old values of tvb, do I need to free anything? or just set a function tvb_set_free_cb() as below:

tvb = tvb_new_real_data(real_data_sonnh,bytes+nSccp_length+6,bytes+nSccp_length+6); tvb_set_free_cb( tvb , g_free );

My code structure is:

 dissect_data(tvbuff_t *tvb, packet_info *pinfo _U_ , proto_tree *tree)
{
  ...
  tvb = tvb_new_real_data(real_data_sonnh,bytes+nSccp_length+6,bytes+nSccp_length+6);
  ...
  if (new_pane) {
    guint8 *real_data = (guint8 *)tvb_memdup(tvb, 0, bytes);
    data_tvb = tvb_new_child_real_data(tvb,real_data,bytes,bytes);
    add_new_data_source(pinfo, data_tvb, "Not dissected data bytes");
  } else {
            data_tvb = tvb;
           }
  dissect_data_sonnh(data_tvb,pinfo,tree );
  ...
}

Do I need to free the old tvb ?

(09 Dec '14, 00:10) hoangsonk49
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×3
×1

question asked: 07 Dec '14, 18:23

question was seen: 1,859 times

last updated: 09 Dec '14, 00:10

p​o​w​e​r​e​d by O​S​Q​A