The packet_info contains a frame_data field which in turn contains a "visited" flag that indicates if the frame has been "visited" or not. This might be of use to you. (Look for examples of "pinfo->fd->flags.visited" in other dissectors.)
- Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Sinclair Sent: Tuesday, March 25, 2008 9:54 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Getting ACK/SEQ numbers in a dissector Bummer. Well, in that case, is there a way in Wireshark to keep track of packets that have already been processed (since they seem to get processed twice..once for INFO and one for tree)? The problem I'm facing is that I have a set of static indexes into an encryption array. The first time it's called (to do the INFO column) everything is fine. The second time it's called (to do the tree) the dissector has no way of knowing the original position in the data stream so the indexes no longer line up and the data is corrupted. That's why I wanted to use the sequence numbers since they'd provide a constant index. I guess I'm having problems with the seemingly stateless nature of the dissectors. Any suggestions around this would be appreciated. greg. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris Sent: Tuesday, March 25, 2008 1:24 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Getting ACK/SEQ numbers in a dissector Greg Sinclair wrote: > Its the <sequence number..> part I need help filling in. Can someone > help me figure out how to do this in a regular dissector function? And > to make matters worse, I'd need the relative sequence number instead > of the absolute sequence number. There's no guarantee that you have the initial 3-way handshake in a capture, so there's no guarantee that you *can* have the relative sequence number. Currently, I don't think there's any way to get the relative sequence number even if it *is* known, and there's definitely no way to determine whether it's known. _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
