Wireshark-users: Re: [Wireshark-users] Saving packet related information in pinfo.private_data
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 15 Jun 2010 23:41:44 -0700
Hi,

Two things:
1. There are reassembly functions available for dissectors to use. These might help you out. 

2. The pinfo only lives for a single packet dissection, so that won't work.  What you need to do is look into conversations, see README.developer section 2.2. 

Thanks,
Jaap

Send from my iPhone

On 15 jun 2010, at 19:13, Sidda Eraiah <sidda.eraiah@xxxxxxxxxxx> wrote:

Hi

I am writing a dissector for a custom protocol and have a situation where packets on the wire may contain one or more frames. Also one frame can straddle across many packets. When I detect that a frame is straddling across multiple packets I would like to be able to set some custom data on pinfo to say how far I have progressed in getting the frame during the first pass (while recording traffic). I need this information stored per packet, as the dissector is can be called on random packet (due to user selecting one packet in the UI).

I tried using pinfo.private_data and set some value on it by the following code in the dissector method:

         print("pinfo.private_data: "..tostring(pinfo.private_data))
        pinfo.private_data = {"mydata", 1, 2, 3, 4}
        print("pinfo.private_data: "..tostring(pinfo.private_data))
        print(tostring(pinfo.private_data))

This prints out the following:


pinfo.private_data: userdata: 0x7fff1c257f20
pinfo.private_data: userdata: 0x7fff1c257f20
userdata: 0x7fff1c257f20


As you see the data that I am trying to set is not being retained in pinfo.private_data. 

Is there a way to store some private data on pinfo that is retained next time the dissector is called with the same packet? 

Any workaround or suggestion is appreciated.

I am using Version 1.2.7 of Wireshark on Ubuntu 10.04 LTS.

--
Best Regards,
Sidda

Director of Management Services
>|< Kaazing Corporation >|<
888, Villa St. Suite #410, Mountain View, CA 94041, USA
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe