Wireshark-dev: Re: [Wireshark-dev] referring to a previous packet

From: "Manuel Jung" <klaus84@xxxxxxx>
Date: Thu, 28 Jun 2007 14:39:41 +0200
Thanks a lot for your hint.

This is the code I have now. If the tag is set (pkt_type & 0x20) then the next packet is with UB. So I create an empty conversation. The next message doesn't have the tag, so that's why in the next packet the routine jumps into the else-path and looks for a conversation. If there is a conversation (there should be if the previous packet has the tag), then dissect it "with_ub()" and then delete the conversation.

So if the tag is not set and the previous packet didn't have the tag either, then the routine jumps into the else-path but doesn't find a conversation and dissects the packet "without_ub()". This is the theory. In practice, the routine sometimes finds a conversation although there should not be one (this packet and the previous packet don't have the tag). Does anybody know why?

And another problem is the src, dest, srcport and destport. They are 0 in my dissector, because my protocol is set up directly on the Ethernet frame, so there is no port or address (instead of the src- and dest-MAC address).

CODE:
/* Check if the packet has the PKT_TYPE "hold path" - if so, set up a conversation - if not, look for a conversation. If one exists, then this packet has UB. */
if( pkt_type & 0x20) {
  conversation_t *conv; /* the conversation - to detect packets with User Buffer */
  /* create the conversation */
  conv = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
  #ifdef DEBUG
    printf("%d    conversion_create() at frame_num %d\n", ++i, pinfo->fd->num);
  #endif
  dissect_without_ub(tvb, pinfo, tree);
} else {
  conversation_t *conv;

  /* try to find a conversation */
  conv = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
  if(conv) {
    conversation_delete_proto_data(conv,proto_ippoe);
    #ifdef DEBUG
      printf("%d    find_conversion() at frame_num %d\n", --i, pinfo->fd->num);
    #endif
    dissect_with_ub(tvb, pinfo, tree);
  } else {
    dissect_without_ub(tvb, pinfo, tree);
  }
}
END CODE


> Hi,
>
> This problem can be addressed by means of conversations. See the
> README.developer on the concept and all relevant details how to use it.
> 
> Thanx,
> Jaap
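
Added example (not part of the original message and not Wireshark code): Wireshark can dissect a frame more than once and out of capture order, and conversation_delete_proto_data() removes only the data attached to a conversation, not the conversation itself, so a lookup like the one in the message keeps matching. This stand-alone C model caches the with/without-UB decision per frame on the first visit, next to a model of a marker that is never removed; ub_tracker, frame_has_ub, frame_has_ub_sticky, run_cached and the sample bytes are hypothetical, and first visits are assumed to arrive in capture order.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define HOLD_PATH  0x20  /* tag bit tested in the post: pkt_type & 0x20 */
#define MAX_FRAMES 16
/* Constructed sample capture: pkt_type byte of frames 1..6. */
static const uint8_t sample_pkt_type[6] = { 0x20, 0x01, 0x01, 0x21, 0x02, 0x03 };

enum ub_state { UB_UNKNOWN = 0, UB_WITHOUT, UB_WITH };
struct ub_tracker {
    bool prev_had_tag;                   /* only meaningful on the first, in-order pass */
    enum ub_state per_frame[MAX_FRAMES]; /* stand-in for per-frame protocol data */
};
void ub_tracker_init(struct ub_tracker *t) { memset(t, 0, sizeof *t); }

/* Decide once, on the first visit, then reuse the cached answer.
 * frame_num is 1-based, like pinfo->fd->num. */
bool frame_has_ub(struct ub_tracker *t, uint32_t frame_num, uint8_t pkt_type)
{
    if (frame_num == 0 || frame_num > MAX_FRAMES)
        return false;
    enum ub_state *slot = &t->per_frame[frame_num - 1];
    if (*slot == UB_UNKNOWN) {
        bool tagged = (pkt_type & HOLD_PATH) != 0;
        /* As in the posted code, a tagged frame itself is dissected without UB. */
        *slot = (t->prev_had_tag && !tagged) ? UB_WITH : UB_WITHOUT;
        t->prev_had_tag = tagged;
    }
    return *slot == UB_WITH;
}

/* Model of a marker created on a tagged frame and never removed afterwards. */
bool frame_has_ub_sticky(bool *marker, uint8_t pkt_type)
{
    if (pkt_type & HOLD_PATH) { *marker = true; return false; }
    return *marker;
}

/* Visit sample frames (numbers 1..6) in the given order; bit (n-1) set = frame n has UB. */
unsigned run_cached(struct ub_tracker *t, const uint32_t *order, size_t n)
{
    unsigned mask = 0;
    for (size_t k = 0; k < n; k++)
        if (frame_has_ub(t, order[k], sample_pkt_type[order[k] - 1]))
            mask |= 1u << (order[k] - 1);
    return mask;
}
```

In a real dissector the per_frame array corresponds to per-frame protocol data (p_add_proto_data / p_get_proto_data) filled in while pinfo->fd->flags.visited is false.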