This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

saving data in pinfo for each packet

0

Hi all,

I am working on a dissector and have to save data after the first iteration, either a tvb or a buffer. I am trying to save it using add_new_data_source. My code looks something like this:

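guint8 *decrypted_buffer;
guint   decrypted_len;   /* number of valid bytes in decrypted_buffer */
/* ... allocate decrypted_buffer, fill it, and set decrypted_len ... */
/* sizeof(decrypted_buffer) is only the size of the pointer, so pass the real length */
tvbuff_t *decrypted_tvb = tvb_new_child_real_data(tvb, decrypted_buffer, decrypted_len, decrypted_len);
add_new_data_source(pinfo, decrypted_tvb, "Decrypted Data");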

I can see the new buffer in the UI beside the frame. But my aim is to save the buffer (or tvb) for the next iteration, so that I don't have to dissect the packet again and can instead just pass the stored buffer on to the dissector. Please suggest a way to store the buffer (or tvb) for the next iterations.

Thanks
Koundinya.

This question is marked "community wiki".

asked 29 Jun '15, 09:20

koundi


One Answer:

2

You can use the p_add_proto_data/p_get_proto_data API described in doc/README.dissector chapter 2.5.

answered 30 Jun '15, 03:30

Pascal Quantin

Saving the buffer might be a bad idea for large capture files as you will use huge amount of memory...

(30 Jun '15, 03:46) Anders ♦

Ah yes! I do agree with you on that, so I will have to come up with a way to save a small value that should not change even after any number of iterations. I did read the README.dissector file, but unfortunately I still can't completely understand how conversation and p_add_proto_data are related! Anyway, thank you guys for all the help!

Best Regards, Koundinya

(30 Jun '15, 05:54) koundi

@anders @Pascal Quantin

Could you please give me an example of the implementation of p_add_proto_data/p_get_proto_data? I have been trying to apply it, but have been totally unsuccessful! Do you know if there is any Wireshark plugin where these have been used? Thanks

(09 Feb '17, 07:05) xaheen

There are many, simply search for those functions in the dissectors, packet-xxx.c files (in epan/dissectors).

(09 Feb '17, 07:32) grahamb ♦

so I will have to come up with a way to save small value that should not change even after any number of iterations

You mean like the decryption key used to decrypt the data? (I'm assuming each packet requires a separate key; if the entire session uses one key, it'd be best to save one copy attached to a "conversation" of some sort.)

(09 Feb '17, 23:02) Guy Harris ♦♦
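
An added example (not from the thread and not Wireshark code) modelling the pattern discussed above: on the first pass, snapshot a small per-packet value (here a key index) taken from running conversation state, and on later passes read the snapshot back instead of recomputing it. The `model_*` names, `pkt_state`, `dissect_model` and the frame table are stand-ins assumed for illustration so the block compiles without the epan headers; the comment names the real calls they represent.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins (assumptions, not the epan API). A real dissector would use
 * PINFO_FD_VISITED(pinfo), p_add_proto_data(wmem_file_scope(), pinfo, proto,
 * key, data) and p_get_proto_data(wmem_file_scope(), pinfo, proto, key). */
typedef struct { uint32_t num; int visited; } model_pinfo;

#define MAX_FRAMES 16
static void *frame_data[MAX_FRAMES];          /* models per-frame proto data */
static void model_add_proto_data(model_pinfo *p, void *d) { frame_data[p->num] = d; }
static void *model_get_proto_data(const model_pinfo *p) { return frame_data[p->num]; }

/* Per-conversation running state: only valid during the sequential first pass. */
static uint32_t conv_next_key_index;

/* Small per-packet record: the key index, not the decrypted buffer. */
typedef struct { uint32_t key_index; } pkt_state;
static pkt_state pool[MAX_FRAMES];            /* models file-scope allocation */

/* Returns the key index this frame must be decrypted with. */
uint32_t dissect_model(model_pinfo *pinfo)
{
    pkt_state *st;
    if (pinfo->num >= MAX_FRAMES) return UINT32_MAX;
    if (!pinfo->visited) {
        /* First pass: frames arrive in order, so the running state is
         * correct. Snapshot it for this frame before advancing it. */
        st = &pool[pinfo->num];
        st->key_index = conv_next_key_index++;
        model_add_proto_data(pinfo, st);
    } else {
        /* Later passes: frames are re-dissected in any order, so use the
         * snapshot and ignore the running state. */
        st = model_get_proto_data(pinfo);
        if (st == NULL) return UINT32_MAX;    /* nothing stored on first pass */
    }
    return st->key_index;
}

/* Constructed scenario: three frames dissected in order, then frame 1 is
 * dissected again. Returns the key index reported for frame 1. */
uint32_t demo_revisit_frame1(void)
{
    model_pinfo f[3] = { {0, 0}, {1, 0}, {2, 0} };
    conv_next_key_index = 0;
    for (int i = 0; i < 3; i++) { dissect_model(&f[i]); f[i].visited = 1; }
    return dissect_model(&f[1]);
}
```

In Wireshark the framework, not the dissector, marks a frame as visited; the driver function sets the flag here only to model that.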