Wireshark-dev: Re: [Wireshark-dev] Is there a good way of handling "per pdu" info ?
From: Richard van der Hoff <[email protected]>
Date: Tue, 13 Nov 2007 10:11:11 +0000
Stephen Fisher wrote:
On Mon, Nov 12, 2007 at 06:05:38PM -0000, Neil Piercy wrote:


I know there is per-packet info, but is there a way of
adding/retrieving per PDU info which copes with multiple PDUs in a
packet ? How does a dissector even know if it is handfling the first,
second etc PDU in a packet ?

This has been requested before, but has not been implemented to date in
Wireshark.  A workaround you can use is to use a linked list from GLib
(which has a nice easy interface to them) and store that in the per
packet info.  Each item in your list would correspond to a different
PDU.
But, as Neil asked, how would you know which PDU you were handling in 
the dissector?
One of us should get around to implementing per-pdu packet info in
Wireshark itself.  It wouldn't be too difficult.  All we need is spare
time :)
Hrm; it gets quite a lot harder when your PDUs can themselves span 
multiple packets (ie, there is no correspondence between PDUs and 
packets). See H.223 for details...
Richard