I have a packet as A:12 bytes, B:20 bytes. C:16 bytes In the dissector for B the whole tvb gets passed i.e. A, B, C. Now dissector for B calls dissector for C. C also handles the dissection of A. So in dissector B how will I use the tvb_new_subset. Currently all I am seeing are examples like tvb_new_subset(tvb, 20, -1, -1) But that would remove 12 bytes of A and 8 bytes of B. I want to remove 20 bytes of B only and pass it to C. asked 12 Oct '15, 21:54  samprit edited 12 Oct '15, 23:28 |
One Answer:
I.e., there's a 12-byte header for protocol A, followed by 36 bytes of payload for A, with the 36 bytes of payload for A having 20 bytes of header for B and 16 bytes of payload for B, and with the 16 bytes of payload for B being a packet for C?
That's not how it's supposed to work. The dissector for A is supposed to dissect the 12-byte header, and then use
And it should then dissect the header for B, and then use
That's not how it's supposed to work. Why cannot the dissector for A handle that? answered 13 Oct '15, 01:54  Guy Harris ♦♦ |
Actually there is no dissector for A. The dissector for A is being handled in the dissector for C. So I wanted to remove the 20bytes of B and pass it to C. Is there a way to remove the middle data fron tvbuff?
No. Try not handling the dissector for A in the dissector for C, instead.
...Or handle dissection of C in the dissector of A... Then all you have to do is create a tvb subset of B and hand that off the the dissector for B.