Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] access to older packets and other layers

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Stephan Neumann" <neumann_stephan@xxxxxxx>
Date: Sat, 24 May 2008 09:57:35 +0200
Thanks
I will check it

-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Sake Blok
Gesendet: Freitag, 23. Mai 2008 16:49
An: Developer support list for Wireshark
Betreff: Re: [Wireshark-dev] access to older packets and other layers

On Fri, May 23, 2008 at 10:11:45AM +0200, Stephan Neumann wrote:
> I write an own dissector and I have two problems:
> 
> 1st problem:
> I want to save a attribute in a packet and an another packet 
> should be able to read that attribute.
> example: first packet save a number in a variable and perhaps 
> the 10th packet of my dissector wants to read the variable.
> My first idea was an file, but perhaps someone has an better 
> Idea or a dissector example where this problem is solved

There is a framework for this very common problem. Have a look
at section 2 in "doc/README.developer", it discusses the use
of conversations. In section 2.2.4 and 2.2.5 you will find
information on how to store protocol data into a conversation
and retrieve the information later on (ie x packets later).

 
> 2st problem:
> The dissector is an heuristic dissector on TCP and I want to 
> read the Port of TCP and the Address of IP. My first (very bad) 
> idea is to change the "packet-tcp.c" and the "packet-ip.c". 
> Has anybody an idea to solve that problem without changing files 
> from the original source code of Wireshark.

This is also a very common problem and this is solved by keeping
a "pinfo" struct which gathers all kind of information of lower
layer protocols to be available to higher layer protocols. The
IP src and dst and TCP srcport and dstport and one of the most
frequently used values that are used in this struct. Have a look
at "epan/packet_info.h" to see what is already 'recorded' for 
you :-)


For an example of using conversations and pinfo, have a look 
at "epan/dissectors/packet-pop.c"

Hope this helps,
Cheers,
    Sake
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube