Wireshark-dev: Re: [Wireshark-dev] How to apply a custom translation/rendering method to the da
Fulko Hew wrote:
As the subject line asks, is there a function I can invoke in a
dissector to change the way the bottom pane of the display opperates.
No.
I'd like to affect two different things:
1/ I'd like all the data to be masked first before being displayed as hex
(just like stripping a parity bit)
If the data has to have that bit stripped before being processed by the
dissector, you should consider having the dissector generate a new
raw-data tvbuff containing the processed data, and do the dissection on
that tvbuff. The raw-data tvbuff, if the right calls are made, will
show up as a tab in the third pane.
See, for example, dissect_icqv5Client() in epan/dissectors/packet-icq.c,
which takes a tvbuff with encrypted data and generates a new tvbuff with
the decrypted data.
2/ I need to be able to send the data through a translate table before
being displayed as ASCII. (ie like EBCDIC to ASCII, but its not EBCDIC)
The short-term fix would be to add one or more new encodings to the
"char_enc" enum in epan/packet.h (note that it's stored in a 2-bit
bitfield, so if you need more than two encodings, you'll need to widen
that bitfield), have your dissector set pinfo->fd->flags.encoding to the
new value, and update packet_hex_print_common() in gtk/proto_draw.c and
print_hex_data_buffer() in print.c to know about the new encodings.
A more general mechanism would be useful (along with a general mechanism
for handling character encodings in strings; the two mechanisms might
share some things, e.g. the encoding tags).
