Ethereal-users: [Ethereal-users] Re: [Ethereal-dev] escape sequences in tv_buff

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 06 May 2005 12:04:00 -0700
Oren Mazor wrote:

I'm writing a dissector here at work

The right list for questions about developing code for Ethereal is ethereal-dev; I'm redirecting replies there.

and I'm trying to figure out how to
deal with search and replace in a tv_buff.

If by "search and replace" you mean your dissector wants to modify the contents of a tvbuff it's been handed, then the answer is simple:

	Don't.

The data in a tvbuff are immutable, by design and intent; a dissector is *NOT* allowed to modify the contents (that's why pointers returned from, for example, "tvb_get_ptr()" have a "const" qualifier), and dissectors *ARE* allowed to assume that the string will exist and remain unchanged (an assumption that would be broken if the contents are changed) as long as the tvbuff exists (but are not allowed to assume the tvbuff will continue to exist forever - if another packet is dissected, the tvbuff for the current dissection will probably be freed)

What I'm trying to do is the equivalent of the perl s/FF55/FF. is this
possible in a simple manner, or will I have to find the location of FF55,
and create a new tv_buff comprised of everything before FF55 and
everything after?

Yes, you will. If a dissectors need to modify data supplied to it (e.g., decompression, decryption, etc.), it should create a new tvbuff to hold the modified data.

If you're then going to dissect the modified data, you will also have to make the new tvbuff a named "data" source. The new tvbuff would be created with "tvb_new_real_data()", and then you call "tvb_set_child_real_data_tvbuff()" to mark the new tvbuff as a child of the tvbuff containing the data used to create it, and then add it as a data source with "add_new_data_source()" - "add_new_data_source()" takes a string as an argument, giving it a name, which is used to label the data when it's displayed in the third pane.

See, for example, the sequences of calls in epan/dissectors/packet-vj.c that do that.