Wireshark-dev: Re: [Wireshark-dev] Is there a good way of handling "per pdu" info ?
From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Tue, 13 Nov 2007 10:11:11 +0000
Stephen Fisher wrote:
On Mon, Nov 12, 2007 at 06:05:38PM -0000, Neil Piercy wrote:


I know there is per-packet info, but is there a way of
adding/retrieving per PDU info which copes with multiple PDUs in a
packet ? How does a dissector even know if it is handfling the first,
second etc PDU in a packet ?


This has been requested before, but has not been implemented to date in
Wireshark.  A workaround you can use is to use a linked list from GLib
(which has a nice easy interface to them) and store that in the per
packet info.  Each item in your list would correspond to a different
PDU.

But, as Neil asked, how would you know which PDU you were handling in the dissector?

One of us should get around to implementing per-pdu packet info in
Wireshark itself.  It wouldn't be too difficult.  All we need is spare
time :)

Hrm; it gets quite a lot harder when your PDUs can themselves span multiple packets (ie, there is no correspondence between PDUs and packets). See H.223 for details...

Richard