Wireshark-dev: Re: [Wireshark-dev] working with header data

From: Ed Beroset <beroset@xxxxxxxxxxxxxx>
Date: Mon, 17 Oct 2011 21:32:15 -0400
Guy Harris wrote:

> crypto.  If that can be done in a different fashion, as per my
> earlier suggestion, that code shouldn't even exist.

I implemented your suggestion over the weekend and tested it today on multiple platforms. It has less monkeying around with the packet memory at the expense of more monkeying around within the ASN.1 portion.

Thanks for the help! I've resubmitted the patch and attached it to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5531

> The code that actually does the crypto is in dissect_epsem(), which
> should only be called after all the header fields have been
> dissected.

I'm still unclear as to when that is or how one can tell. The function in question was sometimes called with a pointer to the whole unparsed packet, and sometimes with a pointer to the parsed User-information section. I still don't know why.

I've also added doxygen-style documentation on most of the functions in the C12.22 dissector I created. I'd like to continue adding to the doxygen support as well, since it could be a very valuable tool with the proper care and feeding.

Ed