Wireshark-dev: Re: [Wireshark-dev] Conversation tracking
From: Stephen Fisher <[email protected]>
Date: Thu, 10 May 2012 11:07:49 -0600
---- On Thu, 10 May 2012 10:26:46 -0600 Tobias Weiss  wrote ---- 

>I'm using conversation tracking and ran into an issue. My code looks like this (as suggested in the README.developer): 
> 
>conv = find_conversation(pinfo->fd->num, 
>    &pinfo->src, 
>    &pinfo->dst, 
>    pinfo->ptype, 
>    pinfo->srcport, 
>    pinfo->destport, 
>    0); 
> 
>if(conv != NULL) { get conversation data } 
>else { create conversation data with se_alloc() and add it to the conversation } 
> 
>When the dissectors main function is called for the first time, find_conversation() returns a non-null pointer! As far as I understood it should return 0 as conversation_new() was never called for this address/port combination yet. What am I missing here? 

Using a dissector I wrote, packet-exec.c, as an example, I first called find_or_create_conversation(), then conversation_get_proto_data() and then check the return of that second function to see if I need to create the data:

        conversation = find_or_create_conversation(pinfo);

        /* Retrieve information from conversation
         * or add it if it isn't there yet
         */
        hash_info = conversation_get_proto_data(conversation, proto_exec);
        if(!hash_info){
                hash_info = se_alloc(sizeof(exec_hash_entry_t));

<<< set the variables here >>>

                conversation_add_proto_data(conversation, proto_exec, hash_info);
        }