Wireshark-users: Re: [Wireshark-users] Saving packet related information in pinfo.private_data

From: Sidda Eraiah <sidda.eraiah@xxxxxxxxxxx>
Date: Wed, 16 Jun 2010 13:59:31 -0700

Thanks for your response. I looked up for some samples for accessing reassembly functions and conversation related functions that are called from Lua Dissector scripts and could not find any.

Please provide a sample in Lua for accessing conversation and reassembly functions. Is this documented someplace?

Thanks in advance.

Best Regards,

On Tue, Jun 15, 2010 at 11:41 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

Two things:
1. There are reassembly functions available for dissectors to use. These might help you out. 

2. The pinfo only lives for a single packet dissection, so that won't work.  What you need to do is look into conversations, see README.developer section 2.2. 


Send from my iPhone

On 15 jun 2010, at 19:13, Sidda Eraiah <sidda.eraiah@xxxxxxxxxxx> wrote:


I am writing a dissector for a custom protocol and have a situation where packets on the wire may contain one or more frames. Also one frame can straddle across many packets. When I detect that a frame is straddling across multiple packets I would like to be able to set some custom data on pinfo to say how far I have progressed in getting the frame during the first pass (while recording traffic). I need this information stored per packet, as the dissector is can be called on random packet (due to user selecting one packet in the UI).

I tried using pinfo.private_data and set some value on it by the following code in the dissector method:

         print("pinfo.private_data: "..tostring(pinfo.private_data))
        pinfo.private_data = {"mydata", 1, 2, 3, 4}
        print("pinfo.private_data: "..tostring(pinfo.private_data))

This prints out the following:

pinfo.private_data: userdata: 0x7fff1c257f20
pinfo.private_data: userdata: 0x7fff1c257f20
userdata: 0x7fff1c257f20

As you see the data that I am trying to set is not being retained in pinfo.private_data. 

Is there a way to store some private data on pinfo that is retained next time the dissector is called with the same packet? 

Any workaround or suggestion is appreciated.

I am using Version 1.2.7 of Wireshark on Ubuntu 10.04 LTS.

Best Regards,

Director of Management Services
>|< Kaazing Corporation >|<
888, Villa St. Suite #410, Mountain View, CA 94041, USA

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users