Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Problem by writing a plugin, how to access the previous telegram

From: "Dittrich Sabrina (PEA-Fe2/BA-ET)" <Sabrina.Dittrich@xxxxxxxxxxxx>
Date: Fri, 8 Dec 2006 15:19:33 +0100
Title: Problem by writing a plugin, how to access the previous telegram?

Hello!

I'm trying to write a plugin for Wireshark to dissect a special Ethernet-Protocol.
But, to be able to dissect my telegrams, I need information of some bytes of the previous telegram.
Can you please tell me how to access the previous telegram while dissecting the current telegram?
I thought of the "tvb", because tvb->real_data contains the telegram-data, but how to get the data of real_data of the previous telegram?

And I thought of pinfo->fd, because I'm able to get the number of the previous telegram with pinfo->fd->prev->num.
And I read something in epan.h, that seemed to solve my problem, but I don't know, how to use it.
Please answer soon.

With kind regards
Sabrina Dittrich



Excerpt from epan.h:

/* A client will create one epan_t for an entire dissection session.
 * A single epan_t will be used to analyze the entire sequence of packets,
 * sequentially, in a single session. A session corresponds to a single
 * packet trace file. The reaons epan_t exists is that some packets in
 * some protocols cannot be decoded without knowledge of previous packets.
 * This inter-packet "state" is stored in the epan_t.
 */
/* XXX - NOTE: epan_t, epan_new and epan_free are currently unused! */