|
I've written a dissector that takes various UDP ports and dissects their packets. Now I'm writting a subdissector that my dissector calls based on an id value that it decodes. I have the subdissector registering for a range of ids (ex 600-700), however, I'm not sure of the best way to pass that id value to the subdissector. Any suggestions? Additional information: I parse about 4 different items in the dissector before I pass to the sub. if the id was last I would just move my offset back when I make this call however the id is the first of the 4 values and I don't want the subdissector to have to grab the id and then cleanup the other values on its own. I'm looking for a cleaner way to do this. A similar but related problem would be how my top dissector could figure out which of the several udp ports it's registered for was actually the reason it was called. |
|
I think I have found a solution that will solve my problem. A lot of grepping and a re-read of the README.developer led me to the private-data field of the packet-info struct. Since I already pass pinfo to the sub-dissector, this method should store my id value per packet. If I end up with more arguments that I want to keep with the packet I'll just define my own struct in a header and include it in the dissector and sub-dissector and cast the void pointer properly on either side. The code builds but I haven't had a chance to test it yet. |
Possibly related: What is the best way to track information between packets during dissection?
I don't think conversations will help because I only want to pass this data per packet.