2015-10-12 17:35 GMT+02:00 Jeff Morriss <[email protected]>: > On 10/06/15 02:17, Pascal Quantin wrote: > >> >> >> 2015-10-06 8:07 GMT+02:00 Petr Gotthard <[email protected] >> <mailto:[email protected]>>: >> >> Hello, >> >> Is there a way to distinguish multiple frames of the same protocol >> in one TCP/IP packet? I have several small AMQP frames which all fit >> into a single IP frame, so they share a single packet_info >> structure.When I call p_add_proto_data() for the second AMQP frame, >> it (obviously) overwrites data stored for the first frame, so I need >> to distibguish between them somehow. >> >> Is there a counter that would tell me "this is a third AMQP frame in >> this pinfo"? I found packet_info->curr_layer_num, but this is useful >> for nested frames (like IP in IP). Is there something similar for >> groupped frames, please? >> >> >> Hi Peter, >> >> I'm not sure we have such counter, but >> https://code.wireshark.org/review/#/c/10579/ suggested the use of >> tvb_raw_offset as key for p_(add|get)_proto_data() functions which seems >> a good tradeoff. >> > > Actually there is such a counter in frame_data: subnum. But it's not > widely used: for now it's only used in EPL, RRC, and UMTS_FP.
Thanks for the hint Jeff (I did not know this one). It appears that frame_data.c is only setting it to 0, and that increment need to be handled directly by dissectors. So it means that for a wider usage, (tcp|udp)_dissect_pdus() function (among others) should be modified so as to increment it when calling a new subdissector. Cheers, Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
