On Wed, 16 May 2007 12:23:45 -0700
Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:
> On Wed, May 16, 2007 at 04:02:03PM +0200, Tomasz Noi?ski wrote:
>
> > Where should I store information I get during conversation analysis? I
> > have this info only on the first run (!pinfo->fd->flags.visited) and I
> > need it again later, when I display the packet trees.
> > Is p_add_proto_data()/p_get_proto_data() the only way? (It's quite
> > cumbersome, I think, as one frame can contain many protocol packets).
>
> Yes, that is the best way to store data on a per-packet basis for later
> use. It's stored on a per-dissector/protocol basis, so IP can have its
> own and TCP can have its own, etc. Or do you mean that you have
> multiple PDUs of the same protocol in each packet?
Exactly.
One TCP packet possibly contains several "P5 datagrams" of my protocol
and every "P5 datagram" -- possibly multiple "P5 messages". And I
display it all according to how they're layered in TCP packets.
Did I get this wrong? Is it possible to create Wireshark "frames" from
inside a dissector?
If I knew how, I'd love to create a "frame" for every "P5 datagram" and
for every "P5 message" - protocol layering wouldn't be displayed so
clearly, but it would be much easier to read and then I could have
separate "proto_data" for each one. And I don't care how my PDUs are
segmented inside TCP anyway.
Noix
