On Fri, Mar 05, 2004 at 11:14:53PM +0000, Ober Heim wrote:
> Just wondering if there was a way to access vars that appear in parent
> dissectors such as packet-ip.h in sub dissectors.
Arbitrary variables? It is in principle possible *IF* a protocol tree
is being built, but
1) there isn't any guarantee that a protocol tree is being
built, so if the dissector can't work at all without getting
that information, that won't work
and
2) it's not particularly convenient to do so (you'd have to walk
the protocol tree and find the variable.
*However*, if you're only interested in getting the IP source and/or
destination address for a packet, *that's* easy - you can get that
*without* digging it out of the protocol tree. "pinfo->src" and
"pinfo->dst" are structures of type "address" that contain the most
recent ("recent" as in "going up the protocol stack" - a packet can, for
example, have *more than one* IP source or destination address, due to
tunneling) network-layer source and destination addresses or, if no
network-layer protocol is present, the most recent link-layer address.
That's what the TCP dissector uses, for example.
