Wireshark-dev: Re: [Wireshark-dev] Need advice on modifying tvb

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 24 Nov 2009 23:09:22 +0100
Beth wrote:
Change the built-in dissector?  You sure that's not cheating?  ;)

Seriously though, that might be an option to consider - is there a way I could turn on that setting automatically from my plugin? I would prefer this to be a drop-in solution if possible, i.e. the end user simply drops the plugin into their Wireshark folder and that's all they have to do.


Well, we're talking about a protocol violation here. I was under the assumption that the checksum would be part of your outer protocol, not the built-in inner protocol. That's why the suggestion for tvb_new_subset(). What you're trying to do is fake the outer checksum being the inner checksum. What about checksum errors? Which protocol is to blame then? Anyways, Wireshark is designed around proper protocol layering, so this would indeed require something like Didier suggested. Or you could provide a patch for the built-in dissector to be able to dissect the extra bytes off-the-shelf.

Thanks,
Jaap