Re: using pinfo structure to save data after first iteration

[Anders Broman <anders.broman () ericsson com>]

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of koundinya 
poluri
Sent: den 30 juni 2015 15:23
To: wireshark-dev
Subject: Re: [Wireshark-dev] using pinfo structure to save data after first iteration

> hi anders,
>
> Thanks for replying.So to sum it up, we just use conversation of a protocol to store info related to the whole flow or 
> conversation and we use >p_add_proto_data for a specific packet related data that is stored in frame_data strucutre 
> for each packet.When you said by combining them you mean >we copy data which is not specific to the packet from 
> conversation into pinfo using p_add_proto_data right?
>
> sorry for asking so many questions.I am trying hard to understand the flow clearly and found very few resources for 
> learning these advanced dissector >topics. :)

Well sort of, if you need information from previous packets you may store that in conversation data as the packets are 
dissected sequentially on the first pass
And use that info to fill in data needed by this packet, but that may only work if the packets arrive in sequence which 
is not guaranteed of course.
Note that any data stored per packet bloats Wiresharks memory footprint and should be used with care.

Regards
Anders


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe