Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Getting data from pinfo

From: Shawn Mayer <mayer_sr@xxxxxxxx>
Date: Wed, 14 Apr 2010 21:32:46 -0400
Yes I have the tap being called from the aim messaging part of the dissector, since its the only part of the AIM protocol I'm interested in. I have a struct created to put the IP and other data I'm interested into, I'm just not sure where I get the IP from.

On 4/14/2010 9:28 PM, Guy Harris wrote:
On Apr 14, 2010, at 6:07 PM, Shawn Mayer wrote:

I'm trying to get the IPs from an aim_messaging packet to pass to my
tap.
Presumably the AIM dissector is setting up the call to your tap.  If so, it should put the IP addresses into a data structure and pass that to the tap as private data; that's how other taps work.

What exactly is pinfo
It's a (pointer to a) katamari:

	http://en.wikipedia.org/wiki/Katamari

"The game's plot concerns a diminutive prince on a mission to rebuild the stars, constellations, and Moon, which were accidentally destroyed by his father, the King of All Cosmos. This is achieved by rolling a magical, highly adhesive ball called a katamari around various locations, collecting increasingly greater objects, ranging from thumbtacks to people to mountains, until the ball has grown great enough to become a star."

The pinfo katamari has rolled around Ethereal/Wireshark for years, picking up various random bits of information to be passed between dissectors. :-)

If all of those were passed to dissectors as separate arguments, then

	1) the argument list to a dissector would change every time something else became part of the katamari

and

	2) a call to a dissector would probably take half a page of code just to pass the arguments.

and what does it contain?
Everything that somebody's decided would be useful to put into it.  (Yes, that's a serious description.  There's nothing very systematic about it.)

Should I avoid using it?
You should avoid just adding things if only your dissector and any taps for it would use them; it's for passing stuff between dissectors.  (And, yes, it probably should be cleaned up, with some more cleanly extensible mechanism for information-passing between dissectors.)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list<wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe


NTMail K12 - the Mail Server for Education