Title: RE: How to get absolute frame/packet index in buffer?
Hi,
That's a very good point. I haven't thought about reassembly :-(
The protocol I'm trying to dissect has messages that include pointers that point to other element within the message. These pointers values are the offset from the start of the message I'm trying to dissect. I would have liked to add the offset from the start of the frame/packet to the display, so that users can easily correlate the pointers values with the binary output buffer shown in the dissection panel. (It's really annoying to do the offset addition manually all the time). You are right though, maybe that is not possible due to the reassembly issue.
Thx,
/Sebas
------------------------------------------------------------------------------------------------------------------------------------------------
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 18 Oct 2007 11:45:07 -0700
Sebastien Dubois wrote:
I'm currently developping a plugin and I have a little question: Is it possible, from a given dissector, to get the number of bytes already dissected by lower-layer dissectors ? In other words, can I get the index relative to start of a frame/packet buffer? From my dissector point of view, for instance, the relative index to the start of the tvbuff passed to it is of course 0, which could be let's say index 50 relative to the absolute start of the ethernet frame/packet.
What if the packet your dissector has been given has been reassembled from data in multiple link-layer frames? In that case, it's not clear the question you're trying to ask in your dissector *has* an answer.
What are you planning to do with that value?
---------------------------------------------------------------------------------------------------------------------------------------------------
