
Wireshark-dev: [Wireshark-dev] Getting rid of unwanted payload-parts for next the dissector

From: Yves Geissbühler <geyves@xxxxxxx>
Date: Tue, 20 Nov 2007 16:38:23 +0100
Hi all

I am working on a dissector for the MPA protocol (RFC 5044) which runs on top of TCP. In some configurations, this protocol inserts so-called Markers (each 4 bytes long) every 512th octet relative to the TCP sequence number of the first MPA FPDU.

I would like to remove these Markers from the MPA payload before it is passed to the next dissector (DDP, RFC 5042). To assemble a Marker-free MPA payload I have used the procedures of tvbuff.c:
- next_tvb = tvb_new_composite()
- tvb_composite_append(...)
- tvb_composite_append(next_tvb, tvb_new_subset(tvb, start, end, end - start))
- tvb_composite_finalize(next_tvb)

But the resulting new next_tvb buffer behaves weirdly in the next dissector and is not usable.

From previous mailing list posts, I know that there are some issues with these procedures. Are these problems still present or have I made any mistake using them?

Except for using these 'composite' procedures or mem copy, are there any other feasible solutions to get rid of unwanted parts in a payload? Having these Markers still present in the MPA payload requires extra code in my DDP dissector to deal with it. By chance, it is possible that a Marker is located somewhere within the DDP header.


Thank you for any suggestions.
- Yves
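
The "mem copy" alternative mentioned in the post, as an added example that is not part of the original message and not Wireshark code: plain C that copies an MPA payload while leaving out the 4-byte Markers, including a Marker cut off by the start or end of the buffer. The function name, the `stream_off` parameter and the 0xEE sample bytes are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MPA_MARKER_LEN      4u   /* marker size given in the post */
#define MPA_MARKER_INTERVAL 512u /* marker spacing in TCP sequence space */

/* Copy len bytes from src to dst, leaving out marker bytes.
 * stream_off (assumed parameter): offset of src[0] from a marker position in
 * TCP sequence space, i.e. (seq of src[0] - seq of a known marker).
 * dst must have room for len bytes. Returns the number of bytes written. */
size_t mpa_strip_markers(const uint8_t *src, size_t len,
                         uint32_t stream_off, uint8_t *dst)
{
    size_t in = 0, out = 0;
    uint32_t phase = stream_off % MPA_MARKER_INTERVAL;

    while (in < len) {
        size_t left = len - in;
        if (phase < MPA_MARKER_LEN) {
            /* Inside a marker; it may be cut off by the end of the buffer. */
            size_t skip = MPA_MARKER_LEN - phase;
            if (skip > left) skip = left;
            in += skip;
            phase += (uint32_t)skip;
        } else {
            /* Payload run up to the next marker or the end of the buffer. */
            size_t run = MPA_MARKER_INTERVAL - phase;
            if (run > left) run = left;
            memcpy(dst + out, src + in, run);
            in += run;
            out += run;
            phase = (phase + (uint32_t)run) % MPA_MARKER_INTERVAL;
        }
    }
    return out;
}

int main(void)
{
    /* Constructed sample: 1030 stream bytes, markers (0xEE) at 0, 512, 1024. */
    uint8_t stream[1030], clean[1030];
    for (size_t i = 0; i < sizeof stream; i++)
        stream[i] = (i % MPA_MARKER_INTERVAL) < MPA_MARKER_LEN ? 0xEE : (uint8_t)(i % 200);
    printf("%zu payload bytes\n", mpa_strip_markers(stream, sizeof stream, 0, clean));
    return 0;
}
```

In a dissector the cleaned buffer would then be wrapped in a new tvb (for example with `tvb_new_child_real_data()` in current Wireshark) before the DDP dissector is called; `len` comes from captured traffic, so the destination must be sized from it rather than from a value inside the packet.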