Hi all, I am working on a dissector and have to save data after the first iteration, either a tvb or a buffer. I am trying to save it using add_new_data_source. My code looks something like this
I can see the new buffer in the UI beside the frame. But my aim is to save the buffer (or tvb) for the next iteration, so that I don't have to dissect the packet again and can instead just pass the stored buffer on to the dissector. Please suggest a way to store the buffer (or tvb) for the next iterations. Thanks
This question is marked "community wiki".
asked 29 Jun '15, 09:20 koundi
One Answer:
You can use the p_add_proto_data/p_get_proto_data API described in doc/README.dissector chapter 2.5.
answered 30 Jun '15, 03:30 Pascal Quantin
Saving the buffer might be a bad idea for large capture files as you will use a huge amount of memory...
Ah yes! I do agree with you on that, so I will have to come up with a way to save a small value that should not change even after any number of iterations. I did read the README.dissector file but unfortunately I still can't completely understand how conversation and p_add_proto_data are related! Anyways, thank you guys for all the help!
Best Regards, Koundinya
@anders @Pascal Quantin
Could you please give me an example of the implementation of p_add_proto_data/p_get_proto_data? I have been trying to apply it, but have been totally unsuccessful! Do you know if there is any Wireshark plugin where these have been used? Thanks
There are many, simply search for those functions in the dissectors, packet-xxx.c files (in epan/dissectors).
You mean like the decryption key used to decrypt the data? (I'm assuming each packet requires a separate key; if the entire session uses one key, it'd be best to save one copy attached to a "conversation" of some sort.)