
Wireshark-dev: Re: [Wireshark-dev] referring to a previous packet

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 27 Jun 2007 13:02:44 +0200 (CEST)
Hi,

This problem can be addressed by means of conversations. See the
README.developer on the concept and all relevant details on how to use it.

Thanx,
Jaap

On Wed, 27 Jun 2007, Manuel Jung wrote:

> Hello,
>
> I have to build a dissector for a non-public protocol.
>
> The protocol I have to dissect is an encapsulation for another one. There are 2 types of packets. One is with a Message Buffer (MB) and the other is with a User Buffer (UB).
>
> In a packet with MB there is a tag that indicates that the next packet has UB. If the tag is not set the next message has also MB and there can be the tag.
>
> How can I realize this in my dissector?
>
> I tried it with a global variable that indicates it and which is checked before dissecting.
>
> /* BEGIN CODE */
>
> /* this is the global variable */
> gint with_ub = 0;
>
> void dissect_foo() {
>   if (with_ub == 1) {
>     decode_with_ub();
>   } else {
>     decode_with_mb();
>   }
>
>   /* tag == 1 if the next message is with UB */
>   if (tag == 1) {
>     with_ub = 1;
>   } else {
>     with_ub = 0;
>   }
> }
>
> /* END CODE */
>
> But this doesn't work because the protocol tree is built up again each time I click on a packet to see the detailed tree. So if I click on a packet which has the tag, my variable "with_ub" is set to true and so the next packet will be dissected as a packet with_ub. But then I click on another packet (NOT the next one) and Wireshark "thinks" that this packet has to be decoded with_ub because the variable "with_ub" is set.
>
> Does anybody understand what I mean? ;-). The dissect_foo()-function is called each time I click on a packet to see the details.
>
> How can I refer in the dissect_foo()-function to the packet before?
>
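An added illustration, not part of the thread and not Wireshark code: a stand-alone C model of why the global flag breaks when packets are redissected out of order, and how state kept per conversation and pinned to each frame on the first pass avoids it. `conv_state`, `frame_state`, `dissect_conv`, `misdecoded` and the sample `tag` array are hypothetical stand-ins for Wireshark's conversation data and per-packet data, not its API.

```c
#include <stdbool.h>
#include <stdio.h>

#define NFRAMES 5
/* Constructed capture: tag[n] == 1 means "the next packet has a User Buffer". */
static const int tag[NFRAMES] = {1, 0, 0, 1, 0};

/* The approach from the question: one global, rewritten on every call. */
static int with_ub = 0;
static bool dissect_global(int n) {
    bool ub = (with_ub == 1);
    with_ub = tag[n];
    return ub;
}

/* Hypothetical stand-ins for conversation data and per-packet data. */
struct conv_state { bool next_has_ub; };
struct frame_state { bool visited; bool has_ub; };
static struct conv_state conv;
static struct frame_state frames[NFRAMES];

static bool dissect_conv(int n) {
    if (!frames[n].visited) {                 /* first sequential pass only */
        frames[n].has_ub = conv.next_has_ub;  /* pin the decision to this frame */
        conv.next_has_ub = (tag[n] == 1);     /* carry the tag to the next frame */
        frames[n].visited = true;
    }
    return frames[n].has_ub;                  /* redissection reads, never writes */
}

/* Load the capture in order, then "click" frames out of order.
 * Returns how many clicked frames were decoded with the wrong buffer type. */
static int misdecoded(bool (*dissect)(int)) {
    static const bool expect[NFRAMES] = {false, true, false, false, true};
    static const int clicks[] = {0, 3, 2, 4, 1};
    int wrong = 0;
    for (int n = 0; n < NFRAMES; n++) dissect(n);
    for (size_t i = 0; i < sizeof clicks / sizeof clicks[0]; i++)
        if (dissect(clicks[i]) != expect[clicks[i]]) wrong++;
    return wrong;
}

int main(void) {
    printf("global: %d wrong, conversation: %d wrong\n",
           misdecoded(dissect_global), misdecoded(dissect_conv));
    return 0;
}
```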