Wireshark-dev: Re: [Wireshark-dev] Getting data from pinfo

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 14 Apr 2010 23:38:44 -0700

On Apr 14, 2010, at 6:32 PM, Shawn Mayer wrote:

> Yes, I have the tap being called from the aim messaging part of the
> dissector, since it's the only part of the AIM protocol I'm interested
> in. I have a struct created to put the IP and other data I'm interested
> into, I'm just not sure where I get the IP from.

In this case, you'd modify the part of the AIM dissector that puts the IP address in question into the protocol tree to also put the IP address into the structure.

There *is* a way to get at the raw protocol tree in a tap, but not through the pinfo argument; it's through the edt argument.  edt->tree is the protocol tree, but digging through that to find a particular AIM field could be a pain.