Wireshark · Wireshark-dev: Re: [Wireshark-dev] Possibility to modify buffer?

Wireshark-dev: Re: [Wireshark-dev] Possibility to modify buffer?

From: Reinhard Speyerer <rspmn@xxxxxxxx>

Date: Thu, 17 Sep 2009 22:06:19 +0200

Guy Harris wrote:

> You would need to allocate a new tvbuff, and a blob big enough to hold  
> all the decrypted data, and decrypt the data into the blob and attach  
> that blob to the tvbuff, and hand *that* tvbuff to the next  
> dissector.  You cannot modify the data in a tvbuff handed to you.
> 
> I don't know the details of how to do that in a Lua dissector.

I use the following Lua code for this (SyncML example):

        local xmltvb = ByteArray.new(hexxml):tvb("application/vnd.syncml+wbxml")
        local subtree = tree:add(rls_syncml_wbxml_proto, xmltvb())
        syncml_xml_dissector:call(xmltvb, pinfo, subtree)

where hexxml contains the XML in hex ("3C...") and syncml_xml_dissector is

  local syncml_xml_dissector = Dissector.get("xml")

Regards,
Reinhard

References:
- [Wireshark-dev] Possibility to modify buffer?
  - From: Christian Gurk
- Re: [Wireshark-dev] Possibility to modify buffer?
  - From: Guy Harris

Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-ppc
Next by Date: Re: [Wireshark-dev] New packet list is now the default.
Previous by thread: Re: [Wireshark-dev] Possibility to modify buffer?
Next by thread: [Wireshark-dev] VoIP Calls and -Graph dialog behaviour
Index(es):
- Date
- Thread