Wireshark-dev: Re: [Wireshark-dev] Global variables

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 29 Jul 2010 22:03:35 +0200
On 07/29/2010 09:46 PM, Guy Harris wrote:

On Jul 29, 2010, at 8:02 AM, C�sar Gomes wrote:

I'm currently working on a dissector, and I need to make so that one
variable has the same value at the begining of a capture, the value then
can change, but in the beginning it has to be the same, how can I do that?

Note that there is no guarantee that, in Wireshark, after the file has been
read in for the first time, your packets will be dissected in order.  When
the file is read in, each packet is dissected in order (note, however, that
there is no guarantee that you will be asked to build a protocol tree on that
first dissection, so don't build state only if the tree argument is
non-null!), and you can use that pass to build state.

To add to this, you can use the frame data visited flag for this. In release 1.4 and trunk this flag is available through a macro:

#define PINFO_FD_VISITED(pinfo)   ((pinfo)->fd->flags.visited)

In release 1.0 and 1.2 you'll have to code it yourself.

After that, users can
click on whatever packets they want, in whatever order they want, and, when a
packet is clicked on, it is dissected.

In other words, do *NOT* maintain, in a global variable, state that changes
from packet to packet, and assume that, when a packet is dissected, the state
will reflect only the packets before the packet in question.  You might have
to attach state information to packets in order to dissect them after the
first pass.