Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] [Patch] revised: tap-tcp_close

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 3 Dec 2002 14:23:01 -0800
On Tue, Dec 03, 2002 at 05:06:51PM -0500, Jason House wrote:
> I like your method... very simple :)
> 
> I've implemented the method you outlined, but now realize that I can't
> rely on the fields in pinfo since they could get modified after the call
> to dissect_tcp...

If there are taps that connect to a particular dissector (as opposed to
taps that process the protocol tree), they might want to be called as
soon as that dissector is finished, rather than after the dissection is
complete.

For those taps, the structure passed to them needn't be static.

I could also imagine a tap that would want only a subtree of the
protocol tree as built by a particular dissector; those could also work
that way.

However, that doesn't work if the dissector throws an exception - but
that's the case now; "tap_queue_message()" doesn't get called from the
ONC RPC dissector, for example, if "dissect_rpc_message()" throws an
exception.  Calling the tap if an exception is thrown before enough
information for the tap has been extracted would be a bad idea in any
case, as the information not extracted would be bogus.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube