 | 1 | initial version |
How to stop dissectting in the second time when I click message.
You can't. That's not a bug, that's a feature. To save memory (and it's a lot of memory being saved!), we do not save the results of dissecting packets - we regenerate them, by re-dissecting, when necessary.
My scenario as below: dissect one message called message_type_A and store some information to variable "a" from this message, then in following messages if it is message_type_B, it will select different dissector for one segment in message_type_B according to the value in "a" then clean variable "a".
Presumably there's some way in which you can determine that the messages are part of the same conversation; they might, for example, be part of the same TCP connection, if your protocol runs on top of TCP or on top of something that runs on top of something that runs on top of TCP, etc..
What you should do is, the first time the message of type message_type_A is dissected (i.e., when pinfo->fd->visited is false), store the information in information in data associated withe the conversation, rather than in a local variable, and ALSO use p_add_proto_data(), as per section 2.5 "Per-packet information" in the doc/README.dissector file in the Wireshark source code, to store the type message_type_A as the type of the message. Then, when you dissect the message of type message_type_B, fetch the information and, as it says the previous message was of type message_type_A, dissect its as being of type message_type_B AND use p_add_proto_data() to store the type message_type_B as the type of that message.
Then, all other times that the message is dissected (i.e.. when pinfo->fd->visited is true), use p_get_proto_data() to get the message type.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
