Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4590] ANCP (Access Node Control Protocol) Dissector

Date: Mon, 29 Mar 2010 10:52:05 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4590

--- Comment #9 from Aniruddha <aniruddha.a@xxxxxxxxx> 2010-03-29 10:52:03 PDT ---
(In reply to comment #7)
> (In reply to comment #4)
> 
> 
> 
> > 3) I have "vim expandtab", and I have space-only indentation, no tabs
> >    if there are any specific Wireshark requirements for 
> >    indentation (or GNU indent with specific options), I can use that.
> 
> If you look at the actual indentation used you'll see that there are a few
> lines which have tabs as the indentation.
> 
> Also: the first line of the file is
> /* vim: set ts=8 noexpandtab : */
> I'm guessing that maybe this should be removed. (I'm not a vim user so I don't
> know if this line actually has any effect).
> 
> Also:
> 
> proto_register...  and proto_reg_handoff... (and the value_string definitions)
> are indented 8 spaces as opposed to the 4 space indentation of the rest.
> 
> Using 4,8,... spaces indentation everyplace will be fine.
> 
> 
> 
> > 5) hf[]: I did not want filtering-on/display-of all the header fields available
> >    so, made some empty (""), is there is a different way to accomplish
> >    this ?
> > 
> 
> The way that could be done is to use proto_add_text instead of proto_add_item.
> However, why don't you want to be able to filter on various of the fields ?
> We'd much rather have all fields be filterable.
> 
> 
> 
> > 10) I have verified the statistics, which counter did you feel was incorrect?
> > 
> >     With the sample capture that I have attached, 
> > 
> >     with the display filter ancp.mtype == 10 in use, we see 25 TCP packets
> >     with frame 7 having 2 ANCP packets (1 Syn and 1 SynACK) 
> >     i.e, 26 Adjacency packets total  (1 SynAck not seen in Info column
> >     because of 2 packets in same frame)
> > 
> >      Port Up - 4        (ancp.mtype == 80)
> >      Port Down - 2       (ancp.mtype == 81)
> >      Port Management - 4   (ancp.mtype == 32)
> > 
> >     (as shown in the stats)  
> > 
> 
> 
> OK: I'm not that familiar with 'stats'. I just tried creating the stats w/o any
> filter. Should that work ?
> 
> Trying again I see that I get different results for the stats w/o any filter
> depending upon whether I first create stats with a filter.
> 
> Also: The results for the 'no filter' case are different depending upon which
> filter I use first (eg: 'ancp' vs 'ancp.mtype==10').
> 
> Also: I think the 'no filter' results are different depending upon whether I
> just close/reopen the capture file or restart wireshark.
> 
> Seems fishy ....

Hi Bill,

I did not find sufficient examples for the stats interface, except HTTP.
I was not sure of the case when the stat is run without a filter
(or whether it will even be run without a filter!)
with a filter, it works fine, I had checked.
I have added a check to increment stats only when it is ANCP message
(IS_ANCP_MTYPE()) ; - please see packet-ancp.3.patch attachment.
Now, the stats will be 0 without any filter - is this the expected behavior?
As a last resort - if this whole stats thing is too confusing, I shall
remove it all-together! :(

--
Ani

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.