Hello I wanted to know if there was a way to access the data of previous frame from the function static int dissect_custom_protocol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_).
Ideally, I need tvbuff_t *tvb of the previous frame to extract information related to the current frame. To be able to use proto_tree_add_item(...) with the new tvb.
If a dissector for frame N meeds information from frame M for that protocol, where M < N, the dissector should maintain that state in private data, or per-frame data. What data do you need from the earlier frame?
The dissectors arwe only passed the content of the current packet. If any information from that packet is needed to dissect a following packet it must be saved in some way. Note that packets are only scanned in sequence on the first pas and may be re-read in any order.
It is Wireshark that re-reads in any order. What happens a load time is that the capture file is read sequentially once, then (for tshark only when -2 is given) again randomly for the packet to show. This means there is no concept of previous frame for a dissector. There is the current frame and the context build up during the initial sequential reading of the file. It is in this context you can store information collected from packets more to the start of the capture file. Look at conversation in README.dissector for how to handle this context.
Asked: 2020-06-22 07:10:34 +0000
Seen: 1,104 times
Last updated: Jun 22 '20
Thanks to all I had not understood this mechanism, I will save the data in an external file.