Re: Getting data from pinfo

[Shawn Mayer <mayer_sr () wvwc edu>]

Yes I have the tap being called from the aim messaging part of the 
dissector, since its the only part of the AIM protocol I'm interested 
in. I have a struct created to put the IP and other data I'm interested 
into, I'm just not sure where I get the IP from.

On 4/14/2010 9:28 PM, Guy Harris wrote:
> On Apr 14, 2010, at 6:07 PM, Shawn Mayer wrote:
>
>    
> > I'm trying to get the IPs from an aim_messaging packet to pass to my
> > tap.
> >      
> Presumably the AIM dissector is setting up the call to your tap.  If so, it should put the IP addresses into a data 
> structure and pass that to the tap as private data; that's how other taps work.
>
>    
> > What exactly is pinfo
> >      
> It's a (pointer to a) katamari:
>
>       http://en.wikipedia.org/wiki/Katamari
>
> "The game's plot concerns a diminutive prince on a mission to rebuild the stars, constellations, and Moon, which were 
> accidentally destroyed by his father, the King of All Cosmos. This is achieved by rolling a magical, highly adhesive 
> ball called a katamari around various locations, collecting increasingly greater objects, ranging from thumbtacks to 
> people to mountains, until the ball has grown great enough to become a star."
>
> The pinfo katamari has rolled around Ethereal/Wireshark for years, picking up various random bits of information to 
> be passed between dissectors. :-)
>
> If all of those were passed to dissectors as separate arguments, then
>
>       1) the argument list to a dissector would change every time something else became part of the katamari
>
> and
>
>       2) a call to a dissector would probably take half a page of code just to pass the arguments.
>
>    
> > and what does it contain?
> >      
> Everything that somebody's decided would be useful to put into it.  (Yes, that's a serious description.  There's 
> nothing very systematic about it.)
>
>    
> > Should I avoid using it?
> >      
> You should avoid just adding things if only your dissector and any taps for it would use them; it's for passing stuff 
> between dissectors.  (And, yes, it probably should be cleaned up, with some more cleanly extensible mechanism for 
> information-passing between dissectors.)
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list<wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>               mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
>
>    

NTMail K12 - the Mail Server for Education
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe