Wireshark-dev: [Wireshark-dev] Getting rid of unwanted payload-parts for the next dissector
From: Yves Geissbühler <[email protected]>
Date: Tue, 20 Nov 2007 16:38:23 +0100
Hi all

I am working on a dissector for the MPA protocol (RFC 5044), which runs on top of TCP. In some configurations, this protocol inserts so-called Markers (each 4 bytes long) every 512th octet relative to the TCP sequence number of the first MPA FPDU.
I would like to remove these Markers from the MPA payload before it is passed to the next dissector (DDP, RFC 5042). To assemble a Marker-free MPA payload I have used the procedures of tvbuff.c:
- next_tvb = tvb_new_composite()
- tvb_composite_append(...)
- tvb_composite_append(next_tvb, tvb_new_subset(tvb, start, end, end - start))
- tvb_composite_finalize(next_tvb)

But the resulting new next_tvb buffer behaves weirdly in the next dissector and is not usable.
From previous mailing list posts, I know that there are some issues with these procedures. Are these problems still present or have I made any mistake using them?
Except for using these 'composite' procedures or mem copy, are there any other feasible solutions to get rid of unwanted parts in a payload?
Having these Markers still present in the MPA payload requires extra code in my DDP dissector to deal with it. By chance, it is possible that a Marker is located somewhere within the DDP header.

Thank you for any suggestions.
- Yves
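
The "mem copy" alternative mentioned in the post, as an added example that is not part of the original message and is not Wireshark code: a bounds-checked routine that copies a captured MPA segment into a new buffer while skipping each 4-byte Marker. It assumes that Markers recur every 512 octets of the byte stream (Marker bytes included), that the buffer does not start in the middle of a Marker, and that the caller already knows the offset of the first Marker; `mpa_strip_markers`, `mpa_demo` and `first_marker` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MPA_MARKER_LEN      4u    /* each Marker is 4 bytes long */
#define MPA_MARKER_INTERVAL 512u  /* Marker spacing in TCP sequence space */

/* Copy src[0..len) to dst without the Markers. first_marker (hypothetical
 * parameter) is the offset in src of the first Marker, derived by the caller
 * from the TCP sequence numbers. Returns bytes written, or (size_t)-1 if
 * dst_cap is too small. */
size_t mpa_strip_markers(const unsigned char *src, size_t len,
                         size_t first_marker,
                         unsigned char *dst, size_t dst_cap)
{
    size_t in = 0, out = 0, next = first_marker;

    while (in < len) {
        if (in == next) {
            /* Skip the Marker; it may be cut short by the end of the buffer. */
            size_t left = len - in;
            in += left < MPA_MARKER_LEN ? left : MPA_MARKER_LEN;
            next += MPA_MARKER_INTERVAL;
            continue;
        }
        /* Copy the run of payload up to the next Marker or the buffer end. */
        size_t run = (next < len ? next : len) - in;
        if (run > dst_cap - out)
            return (size_t)-1;
        memcpy(dst + out, src + in, run);
        in += run;
        out += run;
    }
    return out;
}

/* Constructed sample: 1100 bytes of 0xAA payload with zeroed Markers at
 * offsets 100 and 612. Returns the stripped length, or 0 on any error. */
size_t mpa_demo(void)
{
    unsigned char src[1100], dst[1100];
    memset(src, 0xAA, sizeof src);
    memset(src + 100, 0, MPA_MARKER_LEN);
    memset(src + 612, 0, MPA_MARKER_LEN);
    size_t n = mpa_strip_markers(src, sizeof src, 100, dst, sizeof dst);
    if (n == (size_t)-1) return 0;
    for (size_t i = 0; i < n; i++)
        if (dst[i] != 0xAA) return 0;   /* a Marker byte leaked through */
    return n;
}

int main(void) { printf("%zu\n", mpa_demo()); return 0; }
```

In a dissector the stripped copy would then be wrapped in a new tvbuff before being handed to the DDP dissector, so DDP never sees a Marker inside its header.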