Hi,
Let me point you in the direction of conversations. This is a concept
described in doc/README.developer. It comes down to attaching your data to
a source/destination address/port pair, which you then can retrieve
while dissecting subsequent packets.
Thanx,
Jaap
On Fri, 8 Dec 2006, Dittrich Sabrina (PEA-Fe2/BA-ET) wrote:
> Hello!
>
> I'm trying to write a plugin for Wireshark to dissect a special
> Ethernet-Protocol.
> But, to be able to dissect my telegrams, I need information of some
> bytes of the previous telegram.
> Can you please tell me how to access the previous telegram while
> dissecting the current telegram?
> I thought of the "tvb", because tvb->real_data contains the
> telegram-data, but how to get the data of real_data of the previous
> telegram?
> And I thought of pinfo->fd, because I'm able to get the number of the
> previous telegram with pinfo->fd->prev->num.
> And I read something in epan.h, that seemed to solve my problem, but I
> don't know, how to use it.
> Please answer soon.
>
> With kind regards
> Sabrina Dittrich
>
>
>
> Excerpt from epan.h:
>
> /* A client will create one epan_t for an entire dissection session.
> * A single epan_t will be used to analyze the entire sequence of
> packets,
> * sequentially, in a single session. A session corresponds to a single
> * packet trace file. The reaons epan_t exists is that some packets in
> * some protocols cannot be decoded without knowledge of previous
> packets.
> * This inter-packet "state" is stored in the epan_t.
> */
> /* XXX - NOTE: epan_t, epan_new and epan_free are currently unused! */
>
>
