Hello,
I have to build a dissector for a non-public protocol.
The protocol I have to dissect is an encapsulation for another one. There are 2 types of packets. One has a Message Buffer (MB) and the other has a User Buffer (UB).
In a packet with MB there is a tag that indicates that the next packet has UB. If the tag is not set, the next message also has MB and can carry the tag as well.
How can I realize this in my dissector?
I tried it with a global variable that indicates it and which is checked before dissecting.
/* BEGIN CODE */
/* this is the global variable */
gint with_ub = 0;

void dissect_foo() {
    if (with_ub == 1) {
        decode_with_ub();
    } else {
        decode_with_mb();
    }

    /* tag == 1 if the next message is with UB */
    if (tag == 1) {
        with_ub = 1;
    } else {
        with_ub = 0;
    }
}
/* END CODE */
But this doesn't work because the protocol tree is built up again each time I click on a packet to see the detailed tree. So if I click on a packet which has the tag, my variable "with_ub" is set to true and so the next packet will be dissected as a packet with_ub. But then I click on another packet (NOT the next one) and Wireshark "thinks" that this packet has to be decoded with_ub because the variable "with_ub" is set.
Does anybody understand what I mean? ;-) The dissect_foo() function is called each time I click on a packet to see the details.
How can I refer in the dissect_foo() function to the packet before?
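Added example, not part of the original post: a self-contained C model of the behaviour described above, with the global-variable approach next to one that records the MB/UB decision per frame on the first sequential pass and replays it on re-dissection. The struct and function names are hypothetical stand-ins; in a real dissector the same roles are played by the frame's visited flag and by p_add_proto_data()/p_get_proto_data(), and the capture below is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Mock of per-frame bookkeeping (constructed; not Wireshark's own types). */
struct frame {
    bool tag;      /* tag in an MB frame: the NEXT frame carries a UB */
    bool visited;  /* set by the engine after the first pass (frame data in pinfo->fd) */
    bool with_ub;  /* stored decision (p_add_proto_data() in a real dissector) */
};

static bool next_with_ub; /* running state, valid only while frames arrive in order */

/* Approach from the post: trusts the running state on every call. */
bool dissect_global(struct frame *f)
{
    bool ub = next_with_ub;
    next_with_ub = f->tag;
    return ub;
}

/* Records the decision on the first pass, replays it when the frame is revisited. */
bool dissect_per_frame(struct frame *f)
{
    if (!f->visited) {
        f->with_ub = next_with_ub;
        next_with_ub = f->tag;
    }
    return f->with_ub; /* p_get_proto_data() in a real dissector */
}

/* Engine stand-in: one sequential pass over the capture, marking frames visited. */
void first_pass(struct frame *cap, size_t n, bool (*dissect)(struct frame *))
{
    next_with_ub = false;
    for (size_t i = 0; i < n; i++) {
        dissect(&cap[i]);
        cap[i].visited = true;
    }
}

int main(void)
{
    struct frame cap[4] = {{false}, {true}, {false}, {false}}; /* frame 3 is UB */
    first_pass(cap, 4, dissect_per_frame);
    dissect_per_frame(&cap[1]); /* click frame 2, which has the tag */
    printf("frame 4 decoded as UB: %d\n", dissect_per_frame(&cap[3]));
    return 0;
}
```

Because the first pass always runs in capture order, the running state is only consulted there; every later click reads the value stored with the frame itself.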