---- On Fri, 11 May 2012 08:30:03 -0600 Tobias Weiss wrote ---- > >Right now I'm puzzled: I wanted to use conversation tracking in order to save >information about the state of the communication across packet dissection. > >The dissector is called completely out of order (which is reasonable) but I >get always the same conversation, even when dissecting an older packet than >the last one. So saving the state of the communication is completely pointless >if the same conversation is used for dissecting random packets. Here is an >example just in case you don't understand my possibly weird English ;-) > >I have a stream of 10 packets and something interesting was send in packet >number 3. Now I want to save this information in the conversations data in >order to reuse it when dissecting future packets. But the dissector is called >randomly (which is ok) but always with the same conversation (which is >absolutely not ok in this case). > >I simply cannot rely on the saved information. So how am I supposed to use >conversation tracking in a sane way (as far as I can see I can't _track_ >anything)???
Are you trying to keep track of where the current packet belongs in the whole conversation? The exec dissector I previously mentioned (packet-exec.c) does this. Look at the exec_hash_entry_t struct up toward the top. A more advanced (overly complex) version of this is in the VNC dissector (packet-vnc.c). In the VNC dissector, we use both per conversation data (such as conversation_add_proto_data) and per packet info (such as p_get_proto_data). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
