Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: RE: [Ethereal-dev] [PATCH] SIP hidden fields for finding errors

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Biot Olivier <Olivier.Biot@xxxxxxxxxxx>
Date: Mon, 19 Apr 2004 13:48:00 +0200
Martin,

I'd suggest adding those fields in a subtree of the status line protocol
item, similar to what is done in the HTTP dissector.

Regards,

Olivier

|-----Original Message-----
|From: Martin Mathieson
|
|Can you point me at examples of this?  Is there a convention 
|to follow (I
|notice that TCP has a SEQ/ACK tree at the end) ?
|
|I've gotten used to adding hidden fields to my own private 
|dissectors, so
|obviously I know they're there :)
|
|
|----- Original Message -----
|From: Ronnie Sahlberg
|
|> Why add these as hidden fields?
|>
|> A lot of other dissectors add flags for duplicate detection 
|and also error
|> conditions and
|> make them visible in the dissect tree.
|> This makes it easier for users to see that the fields exist 
|and that they
|> can filter on them.
|> (Menu:Match/Selected works)
|>
|> Why not add these fields to the dissect tree as visible fields?
|>
|>
|> ----- Original Message -----
|> From: Martin Mathieson
|>
|> > The attached patches add 2 hidden display filters for SIP - namely:
|> > (1)  sip.error (for all responses with code >= 300)
|> > (2)  sip.resend (for all packets that appear to have been
|retransmitted).
|> A
|> > field showing a count of these is shown in the SIP stats window.
|> >
|> > These filters make it much easier to zero in on problems in large
|captures
|> > (e.g. bulk call tests) evident from the SIP stats window.
|> >
|> > (1) is straightforward, and needed because the response 
|code is regarded
|> as
|> > a string, so its not easy to write your own expression
|> >
|> > (2) is more involved, and I would like to hear from other SIP users
|about
|> > this addition. Some notes:
|> > -  Only considers UDP packets
|> > -  Hash table contains (call_id, source_addr, dest_addr) -> (cseq,
|> > simplified transaction_state).
|> > An earlier version used proper conversations but the 
|call-id is the most
|> > important part of the key.  Addresses are still needed for 
|when e.g.
|more
|> > than one leg of a proxied call is in the same capture.
|> > -  Size of hash table key and value memchunks (as number 
|of elements)
|are
|> > settable as a SIP property so as not to waste memory but 
|to still allow
|> > large values
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube