Awesome! Thanks for all the information and advice. Kenny
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Bill Meier Sent: November-22-11 7:19 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] What is the best way to create a statefuldissector? On 11/22/2011 7:02 PM, Bill Meier wrote: > > So, it may be the case that you'll need to store "per-frame" info > about any decisions made as to how to dissect a particular packet > based upon a previous packet. > > When an arbitrary packet is then dissected again later the associated > per-packet info is used to do the dissection in the same way as done > during the first sequential pass. > Or: If the nature of the state info is akin to "setup" info which once seen applies to all the following packets of a conversation then use of a conversation should be sufficient. (Of course your dissector will need to handle the case wherein a capture "starts in the middle" such that info from a previous packet is not available). If the state info can be different for each of the streams then you may want to use a GHashtable associated with a conversation to store info for each individual stream associated with a conversation (connection). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe IMPORTANT CONFIDENTIALITY NOTICE This message and any attached documents contain information from ViXS Systems, Inc. and are confidential and privileged and further subject to any confidentiality agreement between the parties. The information is intended to be viewed only by the individual(s) or entity(ies) to whom the message is addressed. If you are not the intended recipient, be aware that reading, disclosing, copying, distributing or using the contents of this transmission is prohibited. Please notify us immediately if you have received this transmission in error, and delete this message along with any attached files. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
