Wireshark mailing list archives

Re: using pinfo structure to save data after first iteration


From: Anders Broman <anders.broman () ericsson com>
Date: Tue, 30 Jun 2015 12:49:16 +0000



From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of koundinya poluri
Sent: 30 June 2015 14:13
To: wireshark-dev
Subject: Re: [Wireshark-dev] using pinfo structure to save data after first iteration

> Hi guys,
>
> I am not completely familiar with the conversations part of Wireshark. I did go through the SharkFest ppt by Guy Harris. Then I realized that I can use p_add_proto_data or p_get_proto_data to save data for each packet. I am not familiar with it, so I am reading the RTP dissector's code to understand it better.
>
> As I understand it, a conversation is created using the ports and IP addresses, and then dissectors add their convo_data using the handle (proto_rtp in the case of RTP); then you can get the conversation using find_conversation. The link I am missing is how this conversation is related to p_add/get_proto_data.
> So I have a couple of questions; I hope you don't mind answering them!
>
> 1. How is a conversation related to p_add/get_proto_data?

It’s not related. In the conversation data you can store information related to all packets in a “flow” or “conversation”. In p_add/get_proto_data, each protocol (and key) can store data per frame on the first pass, where things are done in sequence, to be used later, where frames can be selected randomly.

You may want to combine the two however to build the information you need.

> 2. Where does p_add_proto_data save the data after it is called?

In a list in the frame data structure, but you should use the accessor functions; the protocol and key are used to get the right list item.

> Thanks a lot!
> -koundinya
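
The distinction drawn in the two answers above, as a self-contained C model added for illustration; it is not Wireshark source and not code from either poster. Every name in it (`flow_t`, `frame_store_t`, `get_flow`, `frame_add`, `frame_get`, `dissect`) is a hypothetical stand-in for the real API, and the capture is constructed. The flow counter plays the role of conversation data, and the per-frame list keyed by protocol and key plays the role of p_add/get_proto_data.

```c
#include <stddef.h>

/* Toy model only: hypothetical names, NOT Wireshark's API. */
enum { MAX_FRAMES = 8, MAX_FLOWS = 4, MAX_ITEMS = 4 };
typedef struct { int port_a, port_b, pkts; } flow_t;   /* per-conversation state */
typedef struct { int proto, key, value; } item_t;      /* one per-frame list item */
typedef struct { int visited, n; item_t items[MAX_ITEMS]; } frame_store_t;
typedef struct { unsigned num; int src, dst; } frame_t;

static flow_t flows[MAX_FLOWS];
static int n_flows;
static frame_store_t store[MAX_FRAMES];
/* Constructed capture: two flows, both directions interleaved. */
static const frame_t sample[5] = { {0, 5004, 6000}, {1, 6000, 5004},
    {2, 7000, 8000}, {3, 5004, 6000}, {4, 8000, 7000} };

/* Conversation lookup: matches either direction, creates on first sight. */
static flow_t *get_flow(int src, int dst) {
    for (int i = 0; i < n_flows; i++)
        if ((flows[i].port_a == src && flows[i].port_b == dst) ||
            (flows[i].port_a == dst && flows[i].port_b == src))
            return &flows[i];
    if (n_flows == MAX_FLOWS) return NULL;
    flows[n_flows] = (flow_t){ src, dst, 0 };
    return &flows[n_flows++];
}
/* Per-frame accessors: (proto, key) selects the list item. */
static int frame_add(frame_store_t *fs, int proto, int key, int value) {
    if (fs->n == MAX_ITEMS) return -1;
    fs->items[fs->n++] = (item_t){ proto, key, value };
    return 0;
}
static const int *frame_get(const frame_store_t *fs, int proto, int key) {
    for (int i = 0; i < fs->n; i++)
        if (fs->items[i].proto == proto && fs->items[i].key == key)
            return &fs->items[i].value;
    return NULL;
}
/* Returns the packet's index within its flow, or -1 on failure. */
int dissect(const frame_t *f, int proto) {
    if (f->num >= (unsigned)MAX_FRAMES) return -1;
    frame_store_t *fs = &store[f->num];
    if (!fs->visited) {            /* first pass: frames arrive in order */
        flow_t *fl = get_flow(f->src, f->dst);
        if (!fl || frame_add(fs, proto, 0, ++fl->pkts) < 0) return -1;
        fs->visited = 1;           /* snapshot of flow state now lives on the frame */
    }
    const int *v = frame_get(fs, proto, 0);  /* later passes: any order */
    return v ? *v : -1;
}
```

Re-dissecting a frame out of order returns the value snapshotted on the first pass and leaves the flow counter untouched, which is why the two stores are combined rather than used interchangeably.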