I've written a dissector that takes various UDP ports and dissects their packets. Now I'm writing a subdissector that my dissector calls based on an id value that it decodes. I have the subdissector registering for a range of ids (e.g. 600-700); however, I'm not sure of the best way to pass that id value to the subdissector. Any suggestions?

Additional information: I parse about 4 different items in the dissector before I pass to the sub. If the id was last I would just move my offset back when I make this call; however, the id is the first of the 4 values and I don't want the subdissector to have to grab the id and then clean up the other values on its own. I'm looking for a cleaner way to do this.

A similar but related problem would be how my top dissector could figure out which of the several UDP ports it's registered for was actually the reason it was called.

asked 26 Jan '12, 11:26 simply_blue edited 26 Jan '12, 13:19 multipleinte...
2 Answers:
I think I have found a solution that will solve my problem. A lot of grepping and a re-read of the README.developer led me to the private-data field of the packet-info struct. Since I already pass pinfo to the sub-dissector, this method should store my id value per packet. If I end up with more arguments that I want to keep with the packet I'll just define my own struct in a header and include it in the dissector and sub-dissector and cast the void pointer properly on either side. The code builds but I haven't had a chance to test it yet.

answered 26 Jan '12, 13:46 simply_blue edited 26 Jan '12, 13:47
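The hand-off described in this answer, as an added example that is not code from the original post or from Wireshark: a stand-alone C model of a parent passing a decoded id to a sub-dissector through a per-packet void pointer. `pkt_info`, `myproto_ctx`, the tag value and the layout of four 16-bit big-endian header fields are assumptions standing in for the real `packet_info` and the poster's protocol.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for Wireshark's packet_info: only the per-packet void pointer. */
typedef struct { void *private_data; } pkt_info;

/* What the shared header would hold: the struct both dissectors agree on. */
#define MYPROTO_CTX_MAGIC 0x4d594944u    /* constructed tag value */
typedef struct {
    uint32_t magic;                      /* checked before the cast is trusted */
    uint16_t id;                         /* id the parent already decoded */
} myproto_ctx;

/* Sub-dissector: takes the id from the context, never from the buffer. */
static int sub_dissect(const uint8_t *payload, size_t len, pkt_info *pinfo)
{
    const myproto_ctx *ctx = pinfo->private_data;
    if (ctx == NULL || ctx->magic != MYPROTO_CTX_MAGIC)
        return -1;                       /* called without our context */
    if (ctx->id < 600 || ctx->id > 700 || len == 0)
        return -1;                       /* outside the registered id range */
    (void)payload;                       /* real field decoding would go here */
    return ctx->id;
}

/* Parent: decodes the id and skips the other three fields, then hands off. */
static int parent_dissect(const uint8_t *buf, size_t len, pkt_info *pinfo)
{
    const size_t hdr = 4 * sizeof(uint16_t);
    if (len < hdr)
        return -1;                       /* truncated header */
    myproto_ctx ctx = { MYPROTO_CTX_MAGIC, (uint16_t)(buf[0] << 8 | buf[1]) };
    void *saved = pinfo->private_data;   /* an outer dissector may use it too */
    pinfo->private_data = &ctx;
    int rc = sub_dissect(buf + hdr, len - hdr, pinfo);
    pinfo->private_data = saved;         /* ctx is on the stack: never leave it set */
    return rc;
}

int main(void)
{
    /* Constructed sample: id 650 (0x028a), three more fields, 2 payload bytes. */
    const uint8_t pkt[] = { 0x02, 0x8a, 0, 1, 0, 2, 0, 3, 0xde, 0xad };
    pkt_info pinfo = { NULL };
    return parent_dissect(pkt, sizeof pkt, &pinfo) == 650 ? 0 : 1;
}
```

Restoring the saved pointer after the call keeps a stack-allocated context from outliving the function that owns it, and the NULL and tag checks cover the case where the sub-dissector is reached by a caller that never set the context.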
I found it here https://www.wireshark.org/lists/wireshark-dev/200911/msg00203.html

Sorry, it is not an answer to your question. This lua snippet describes sub-dissector calling.

answered 18 Nov '14, 03:25 hexum edited 18 Nov '14, 03:29
Possibly related: What is the best way to track information between packets during dissection?
I don't think conversations will help because I only want to pass this data per packet.