Wireshark-dev: Re: [Wireshark-dev] Subdissectors for HTTP connect traffic
From: Stephen Fisher <[email protected]>
Date: Thu, 10 Aug 2006 13:52:56 -0700
On Thu, Aug 10, 2006 at 10:21:14PM +0200, Joerg Mayer wrote:

> That's the point where I'm not sure: Look at an example where someone 
> transferrs a dvd-image over https. So far, we look at each packet and 
> once it's gone, the memory is freed. With conversations the memory 
> will be freed once the conversation is over - which might be a bit 
> more memory consuming. I don't have very detailed knowledge of 
> conversation stuff, but that's how it looks to me at first sight. 
> Don't get me wrong, I very much like the new feature, but if I'm 
> correct, there should be a button to enable/disable this feature.

I see what you're saying.  The only information I'm keeping for the 
duration of the conversation is the http_info_value_t structure from 
packet-http.h called stat_info in packet-http.c:

typedef struct _http_info_value_t
        gchar   *request_method;        
        guint    response_code;
        gchar   *http_host;
        gchar   *request_uri;
} http_info_value_t;

The request_method, request_uri and http_host are allocated as necessary 
and store only short strings (method = "connect", request_uri = 
"hostname:port", http_host = "hostname").  No other data from the packet 
is kept, so even a dvd image over https won't use extra memory.