> I need to add one field/structure to the frame_data structure
What is the field you want to add?
> Has ethereal provided for some function/interface for this purpose?
Not *per se*, because C isn't a sufficiently advanced programming
language that a program can change the shape of structures at run time.
:-)
However, Ethereal *does* have a way for a protocol to attach to a frame
an arbitrary blob of data - see "p_add_proto_data()" and
"p_get_proto_data()".
"p_add_proto_data()" takes as arguments:
a "frame_data *" (pinfo->fd, typically),
the "proto_XXX" value for the protocol adding the data;
a "void *" that points to the data to be added.
"p_get_proto_data()" takes as arguments:
a "frame_data *" (pinfo->fd, typically),
the "proto_XXX" value for a protocol;
and returns a "void *" pointing to the data that protocol added to the
field, or NULL if the protocol added no data.
NOTE: this data is persistent, meaning that
1) if the dissector won't need this data on subsequent
re-dissections of the same frame, this wastes memory;
2) a protocol that does this must use "register_init_routine()"
to register an "initialization routine" that's called every
time a new capture file is read - that routine must free up
all blobs of data that it attached to frames (otherwise you
have a memory leak).
Check out the "memory chunk" routines in GLib:
http://developer.gnome.org/doc/API/glib/glib-memory-chunks.html
which are *very* handy if you're allocating fixed-length data
structures:
1) they call "malloc()" to allocate blocks containing *multiple*
chunks, which reduces the number of calls to "malloc()",
speeding memory allocation up;
2) they keep track of all blocks allocated, and offer a call to
free all blocks of a particular type, which is faster than
calling "free()" for every chunk.
See, for example, the SMTP dissector, which uses them to allocate data
structures that it attaches to frames.
