Wireshark-dev: Re: [Wireshark-dev] SCPS dissector.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 6 Oct 2008 09:44:44 -0700

On Oct 6, 2008, at 8:09 AM, Cosmin Craciunescu wrote:

> One problem is in order to dissect IP protocol 0x69 (SCPS)

SCPS compressed TCP, that is (according to the SCPS-NS specification).

> I need to
> have access to information from the TCP packet with the SYN flag for
> this connection (it's a convoluted protocol).

I.e., the connection starts out using TCP (protocol 6) and then switches to compressed-header TCP (protocol 105)?

Does the initial SYN always have SCPS options? If so, dissect_tcpopt_scps() in the TCP dissector could attach the relevant information to the conversation for the TCP connection, and the SCPS dissector could look for the TCP conversation and use that information. If not, the TCP dissector might have to have an option to create a conversation and attach the relevant data (if it already does so, it probably needs to have that controlled by an option, so that a TCP capture with a SYN flood doesn't cause a lot of conversations to be allocated - that was an issue with tcpdump, which allocates a conversation data structure by default).
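
Added example, not part of the original message and not Wireshark code: a self-contained C model of the design discussed above, in which per-connection state is kept only for SYNs that carry an SCPS option (or when a preference asks for every SYN), so a capture of a SYN flood does not allocate state per packet. All names (`tcp_on_syn`, `conv_find`, `track_all_syns`, `MAX_CONV`), the 4-tuple lookup key and the sample addresses and option value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model; none of these names are Wireshark's conversation API. */
#define MAX_CONV 256                      /* hard cap on tracked connections */
struct conv_key { uint32_t src, dst; uint16_t sport, dport; };
struct conv     { struct conv_key key; int has_scps; uint8_t scps_opt; };
static struct conv conv_table[MAX_CONV];
static size_t conv_count;

static int key_eq(const struct conv_key *a, const struct conv_key *b)
{
    return a->src == b->src && a->dst == b->dst &&
           a->sport == b->sport && a->dport == b->dport;
}

/* Used by the compressed-header dissector: NULL means no SYN state was kept. */
const struct conv *conv_find(const struct conv_key *k)
{
    for (size_t i = 0; i < conv_count; i++)
        if (key_eq(&conv_table[i].key, k))
            return &conv_table[i];
    return NULL;
}

/* TCP side, per SYN: keep state if the SYN carries an SCPS option or the
 * track_all_syns preference is on. Returns 1 if state exists afterwards. */
int tcp_on_syn(const struct conv_key *k, int has_scps, uint8_t scps_opt,
               int track_all_syns)
{
    if (!has_scps && !track_all_syns) return 0;  /* plain SYN: allocate nothing */
    if (conv_find(k)) return 1;                  /* retransmitted SYN: reuse */
    if (conv_count == MAX_CONV) return 0;        /* table full: never grow */
    conv_table[conv_count++] = (struct conv){ *k, has_scps, scps_opt };
    return 1;
}

/* Constructed traffic: n SYNs without SCPS options, each from a distinct
 * source address, as a capture of a SYN flood would contain. */
size_t simulate_plain_syns(size_t n, int track_all_syns)
{
    for (size_t i = 0; i < n; i++) {
        struct conv_key k = { 0x0a000000u + (uint32_t)i, 0xc0a80001u, 40000, 80 };
        tcp_on_syn(&k, 0, 0, track_all_syns);
    }
    return conv_count;
}

int main(void) { return simulate_plain_syns(1000, 0) == 0 ? 0 : 1; }
```

With the preference switched on, the same 1000 SYNs fill the table up to `MAX_CONV`, after which even a SYN that does carry an SCPS option gets no entry in this model.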