Wireshark-dev: Re: [Wireshark-dev] Data from previous protocol

From: "ali alkhalidi" <alikhalidilug@xxxxxxxxx>
Date: Sun, 11 Mar 2007 23:50:20 +0200
will try this, and BTW, would the data fetched with tvb_get_ptr,
inside the ip dissector return the header information in network byte
order?

also, I was looking into the tapping facility, which is really cool,
but didn't make much use of it yet, because I was stuck with the
"post" reporting behaviour for its callbacks. I did some digging
into the fetch_tapped_data, but still didn't get much out of it

thanks,



On 3/11/07, Guy Harris <guy@xxxxxxxxxxxx> wrote:
ali alkhalidi wrote:
> well, I'm trying to verify an AH packet.

Do you mean validating the authentication data?

If so, then the way to do this would be to modify the IPv4 and IPv6
dissectors to pass the relevant information to subdissectors via the
pinfo->private_data pointer.

pinfo->private_data would point to a data structure with:

        a Boolean that's TRUE for IPv6 and FALSE for IPv4;

        a "const char *" pointer to the IPv4/IPv6 header (fetched with
        tvb_get_ptr());

        the length of the header, in bytes.

Some dissectors would ignore this; the TCP and UDP dissectors could use
that to do checksum validation (currently, they fetch that information
from other pinfo fields); the AH dissector would copy the header to
a private buffer, zeroing out the appropriate fields, and use that.
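An added example, not part of the original thread and not Wireshark code: the copy-and-zero step described above, for IPv4, with the mutable fields and option types taken from RFC 4302. The struct and function names are hypothetical, and "const uint8_t *" stands in for the "const char *" pointer mentioned in the message.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical layout of what pinfo->private_data would point to,
 * following the three members listed in the message above. */
typedef struct {
    int            is_ipv6;  /* TRUE for IPv6, FALSE for IPv4 */
    const uint8_t *hdr;      /* IP header bytes as captured on the wire */
    size_t         hdr_len;  /* header length in bytes */
} ip_hdr_info_t;

/* IPv4 options RFC 4302 treats as immutable; any other option is zeroed whole. */
static int opt_is_immutable(uint8_t type)
{
    return type == 130 || type == 133 || type == 134 ||
           type == 148 || type == 149;
}

/* Copy the IPv4 header into out[] and zero the fields that change in transit.
 * Returns the number of bytes written, or -1 on malformed/unsupported input. */
int ah_prepare_ipv4_header(const ip_hdr_info_t *info, uint8_t *out, size_t out_len)
{
    size_t ihl, i;
    if (info == NULL || info->is_ipv6 || info->hdr == NULL || info->hdr_len < 20)
        return -1;
    ihl = (size_t)(info->hdr[0] & 0x0f) * 4;
    if ((info->hdr[0] >> 4) != 4 || ihl < 20 || ihl > info->hdr_len || ihl > out_len)
        return -1;

    memcpy(out, info->hdr, ihl);   /* private copy; the capture stays untouched */
    out[1] = 0;                    /* DSCP/ECN (old TOS byte) */
    out[6] = out[7] = 0;           /* flags and fragment offset */
    out[8] = 0;                    /* TTL */
    out[10] = out[11] = 0;         /* header checksum */
    for (i = 20; i < ihl; ) {      /* walk the options, if any */
        uint8_t type = out[i];
        size_t  len;
        if (type == 0) break;             /* End of Options List */
        if (type == 1) { i++; continue; } /* No Operation */
        if (i + 1 >= ihl) return -1;      /* length byte missing */
        len = out[i + 1];
        if (len < 2 || i + len > ihl) return -1;  /* bad option length */
        if (!opt_is_immutable(type))
            memset(out + i, 0, len);
        i += len;
    }
    return (int)ihl;
}
```

The zeroed copy, followed by the AH header with its ICV field zeroed and the rest of the packet, is the input to the integrity algorithm. With a source-route option present, the destination address must be the final destination, which this example does not reconstruct.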