Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] How to access lower level protocol data from a higher level

Date Prev · Date Next · Thread Prev · Thread Next
From: Dylan Ulis <dylan.ulis@xxxxxxxxx>
Date: Fri, 30 Aug 2019 13:42:00 -0400
Thanks to you both, I should have thought of pinfo. Looks like it has both layer 2 and 3 addresses in there, which is all I need from the other layers. I'll be sure to confirm that type is AT_ETHER

On Fri, Aug 30, 2019 at 1:37 PM Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Aug 30, 2019, at 10:17 AM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:

> On Fri, Aug 30, 2019 at 10:00 AM Dylan Ulis <dylan.ulis@xxxxxxxxx> wrote:
>>
>> How can I get lower level protocol data in a higher level dissector? eg: I'd like to get the source/destination MAC address in my application layer dissector.
>
> Isn't that info in the pinfo?

Yes, they're pinfo->dl_src and pinfo->dl_dst.

Do *NOT* assume that they are addresses of type AT_ETHER unless you can guarantee that your dissector is only called for packets that *have* MAC addresses (for example, if your protocol runs atop IPv4 or IPv6, you can't guarantee that).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe