Wireshark-dev: Re: [Wireshark-dev] Access to IP header from higher-layer dissector in C

From: Roland Knall <rknall@xxxxxxxxx>
Date: Wed, 27 Apr 2022 15:35:22 +0200
There are two reasons why you should not be doing this. The first being that fields and their meaning may change, leading to your code breaking. But more importantly, speed. Traversing through the fields will take significantly more time every time your dissector is being called.

The right thing to do would be to adapt the IP dissector in such a way that the information you seek is being stored and can easily be called upon. But searching for specific fields will only slow your dissector down.

kind regards
Roland

On Wed, 27 Apr 2022 at 13:00, Ignacy Gawedzki <ignacy.gawedzki@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,

I'm really having a hard time finding a definitive answer to my
question, so I'm asking it here, hoping that someone knowledgeable
will shine some light.

I'm writing a dissector in C for a protocol that uses UDP packets as its
transport mechanism.  Nevertheless, some of the contents of the fields
in the protocol header make sense only when paired with information
from the IP header, such as the DSCP, which is not kept in any field
of pinfo.

I'm looking for a way to access these lower-layer header fields from
my dissector, but it looks like this information is entirely kept out
of my reach.  Is there a way to access, say, ip.dsfield.dscp, from the
dissector that is attached to a specific udp.port?

Thanks in advance for your help.

Ignacy
