This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t access private_data

0

I need to read the packet sequence somehow (or otherwise identify retransmissions) from my dissect_foo, but I can't read data from private_data. According to packet-tcp.h, private_data is in pinfo and can be accessed for information about the packet. Unfortunately the value of private_data is NULL so I can't do anything with it. Other than modifying packet-tcp itself, is there any way that I can identify whether a packet is a retransmission?

asked 19 Jan '15, 10:48

nicole_identity's gravatar image

nicole_identity
11336
accept rate: 0%


One Answer:

2

The tcp_analysis structure can be retrieved thanks to the get_tcp_conversation_data() function. The flags can then be retrieved by doing a lookup on the acked_table (see tcp_analyze_get_acked_struct() function in packet-tcp.c for details).

If you want to have access to the tcpinfo struct, then the method differs depending on the version you use: pinfo->private_data is no more used in master branch (1.99.X version). Instead the structure is given in the data parameter of your dissector (you must register your dissector as new_dissector_t to have access to it).

answered 19 Jan '15, 12:59

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%