Beth wrote:
Change the builtin dissector? You sure that's not cheating? ;)
Seriously though, that might be an option to consider - is there a way I
could turn on that setting automatically from my plugin? I would prefer
this to be a drop-in solution if possible, i.e. the end user simply
drops the plugin into their Wireshark folder and that's all they have to do.
Well, we're talking about a protocol violation here. I was under the assumption
that the checksum would be part of your outer protocol, not the build-in inner
protocol. That's why the suggestion for tvb_new_subset(). What you're trying to
do is fake the out checksum being the innner checksum. What about checksum
errors? Which protocol is to blame then?
Anyways, Wireshark is designed around proper protocol layering, so this would
require indeed something like Didier suggested.
Or you could provide a patch for the build-in dissector to be able to dissect
the extra bytes off-the-shelf.
Thanks,
Jaap