> -----Original Message----- > >>I know there is per-packet info, but is there a way of > >>adding/retrieving per PDU info which copes with multiple PDUs in a > >>packet ? How does a dissector even know if it is handfling > the first, > >>second etc PDU in a packet ? > > > > This has been requested before, but has not been > implemented to date > > in Wireshark. A workaround you can use is to use a linked > list from > > GLib (which has a nice easy interface to them) and store > that in the > > per packet info. Each item in your list would correspond to a > > different PDU. > > But, as Neil asked, how would you know which PDU you were > handling in the dissector?
That is the issue I'm facing! > > One of us should get around to implementing per-pdu packet info in > > Wireshark itself. It wouldn't be too difficult. All we > need is spare > > time :) > > Hrm; it gets quite a lot harder when your PDUs can themselves > span multiple packets (ie, there is no correspondence between > PDUs and packets). See H.223 for details... I think what is actually needed is the concept of a PDU handle on an arbirtary point in the parsing - e.g. the concatenation of the frame number and the byte offset in that frame would be a suitable handle for a PDU which started at a "real" point in a frame, but this still would not work for constructed TVBs (e.g. a TVB carrying the decrypt from SSL). For that you would need have the PDU handle be based on the hierarchy of TVBs in some way. This is all sounding challenging to me, but could it be made to work for the normal case of a TVB being at an offset into a frame, and e.g. tvb_get_handle(tvb,offset) to return a PDU handle ? If you could do that then the per-packet info is good enough as you say with the list of entries. Neil _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
