Wireshark-dev: [Wireshark-dev] Problem by writing a plugin, how to access the previous telegram
Title: Problem by writing a plugin, how to access the previous telegram?
Hello!
I'm trying to write a plugin for Wireshark to dissect a special Ethernet-Protocol.
But, to be able to dissect my telegrams, I need information of some bytes of the previous telegram.
Can you please tell me how to access the previous telegram while dissecting the current telegram?
I thought of the "tvb", because tvb->real_data contains the telegram-data, but how to get the data of real_data of the previous telegram?
And I thought of pinfo->fd, because I'm able to get the number of the previous telegram with pinfo->fd->prev->num.
And I read something in epan.h, that seemed to solve my problem, but I don't know, how to use it.
Please answer soon.
With kind regards
Sabrina Dittrich
Excerpt from epan.h:
/* A client will create one epan_t for an entire dissection session.
* A single epan_t will be used to analyze the entire sequence of packets,
* sequentially, in a single session. A session corresponds to a single
* packet trace file. The reaons epan_t exists is that some packets in
* some protocols cannot be decoded without knowledge of previous packets.
* This inter-packet "state" is stored in the epan_t.
*/
/* XXX - NOTE: epan_t, epan_new and epan_free are currently unused! */