Wireshark · Ethereal-dev: Re: [Ethereal-dev] [Patch] revised: tap-tcp_close

["Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>]

From: "Jason House"
Sent: Wednesday, December 04, 2002 9:06 AM
Subject: Re: [Ethereal-dev] [Patch] revised: tap-tcp_close



>
> I've implemented the method you outlined, but now realize that I can't
> rely on the fields in pinfo since they could get modified after the call
> to dissect_tcp...   I'll make that fix in the relatively near future and
> submit an updated patch...

Se my other mail about what needs to be changed in the tap system.   The
cahnges woudl fix this problem as well. The flaw is in the design of the tap
system. It will be rectified as soon the new release is out.

>
> Are there any other problems with tap-tcp_close while I'm at it?
> What thoughts are there on the modifications to conversations?

I dont have any problems with it.
But maybe, it is very specific to a certain task?

Maybe, once I change the tap api and we push the packet-tcp.c changes in (so
that Pavels tcp code can use it as well)
we can add an extra parameter to the tcp_header struct?
 a pointer to (if present) the TCP ACK/SEQ analysis struct?

That way your analysis could also keep track of the number of
retransmissions/delayed-acks etc etcv
on a per conversation basis?