
Wireshark-dev: Re: [Wireshark-dev] using pinfo structure to save data after first iteration

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Tue, 30 Jun 2015 14:04:38 +0000

 

 

From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of koundinya poluri
Sent: 30 June 2015 15:23
To: wireshark-dev
Subject: Re: [Wireshark-dev] using pinfo structure to save data after first iteration

 

>Hi Anders,

> 

>Thanks for replying. So to sum it up, we just use conversation of a protocol to store info related to the whole flow or conversation, and we use p_add_proto_data for specific packet-related data that is stored in the frame_data structure for each packet. When you said by combining them, you mean we copy data which is not specific to the packet from conversation into pinfo using p_add_proto_data, right?

> 

>Sorry for asking so many questions. I am trying hard to understand the flow clearly and found very few resources for learning these advanced dissector topics. :)

 

Well, sort of. If you need information from previous packets, you may store that in conversation data as the packets are dissected sequentially on the first pass, and use that info to fill in data needed by this packet, but that may only work if the packets arrive in sequence, which is not guaranteed of course.

Note that any data stored per packet bloats Wireshark's memory footprint and should be used with care.

 

Regards

Anders
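
The pattern discussed in this message, as an added example that is not part of the original thread and is not Wireshark code: a stand-alone C model in which conversation state is updated only during the sequential first pass and each frame keeps its own snapshot, compared with a variant that reads conversation state on every pass. The types and functions (`conv_state`, `frame`, `dissect`, `dissect_naive`, `revisit`) and the four-frame capture are constructed for this sketch; in a real dissector the snapshot is what would be attached with p_add_proto_data.

```c
#include <stddef.h>
#include <stdio.h>
typedef struct { unsigned last_request_id; } conv_state;  /* per-flow state */
typedef struct {
    int is_request;
    unsigned request_id;        /* set on requests only */
    int visited;                /* models the "already dissected" frame flag */
    unsigned saved_request_id;  /* models the per-packet data slot */
} frame;
size_t per_packet_bytes;        /* what the per-packet snapshots cost */

/* Snapshot variant: uses conversation state on the (in-order) first pass only. */
unsigned dissect(frame *f, conv_state *conv)
{
    if (!f->visited) {
        if (f->is_request)
            conv->last_request_id = f->request_id;
        f->saved_request_id = conv->last_request_id;
        per_packet_bytes += sizeof f->saved_request_id;
        f->visited = 1;
    }
    return f->saved_request_id;
}

/* Naive variant: trusts conversation state on every pass. */
unsigned dissect_naive(const frame *f, conv_state *conv)
{
    if (f->is_request)
        conv->last_request_id = f->request_id;
    return conv->last_request_id;
}

/* First pass over a constructed capture (request 10, response, request 20,
 * response), then re-dissect frame idx (0-based) as a later pass would. */
unsigned revisit(size_t idx, int naive)
{
    frame cap[4] = { {1, 10, 0, 0}, {0, 0, 0, 0}, {1, 20, 0, 0}, {0, 0, 0, 0} };
    conv_state conv = { 0 };
    per_packet_bytes = 0;
    for (size_t i = 0; i < 4; i++)
        (void)(naive ? dissect_naive(&cap[i], &conv) : dissect(&cap[i], &conv));
    return naive ? dissect_naive(&cap[idx], &conv) : dissect(&cap[idx], &conv);
}

int main(void)
{
    unsigned naive = revisit(1, 1), snap = revisit(1, 0);
    printf("snapshot=%u naive=%u bytes=%zu\n", snap, naive, per_packet_bytes);
    return 0;
}
```

Re-dissecting the first response after the first pass gives the correct request id only in the snapshot variant, and `per_packet_bytes` grows with every frame, which is the memory cost mentioned above.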