Wireshark mailing list archives

Re: Display multiple frames (of multiple TCP segments) in COL_INFO

From: Kaul <mykaul () gmail com>
Date: Thu, 29 Sep 2011 21:33:02 +0300

On Tue, Sep 27, 2011 at 10:10 PM, Stephen Fisher
<steve () stephen-fisher com>wrote:

On Tue, Sep 27, 2011 at 03:33:01PM +0300, Kaul wrote:

I've tried to mimic what the SSL dissector does, which is able to
display multiple PDUs information in the COL_INFO ('Application Data,
Application Data, Application Data' for example).


How are you doing it now?  Are you using the col_set_fence and related
functions?


Ah, never heard of the fence function.That didn't help me though.
I'm passing to my PDU dissection function the boolean first_record_in_frame,
which is supposed to add the "," if it's not the first record - but in any
case, looks like it's a bit more complicated than that:
1. Again, in the 'normal' way (multiple PDUs in a single frame) all works
well: I get PDU 1, PDU 2, PDU 3 ... '.
It fails when a PDU starts in frame 1 and ends in frame 2 and frame 2
contains another PDU - I'm only seeing (in COL_INFO) the name of first PDU.
The protocol is nicely dissected in the tree:
[ 2 Reassembled TCP segments]

Spice Protocol

  > PDU 1

Spice Protocol

  > PDU 2
  > PDU 3
...

In the COL_INFO, I'll just see 'PDU 1'.
Specifically the issue is with dissect_spice_data_server_pdu(), which may be
called multiple times in a frame, but I don't see what I'm doing special
here.
TIA,
Y.

It appears I need to do this check per frame - although my dissector
is called per conversation. Any ideas?


Dissectors are called per frame by Wireshark.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Attachment: packet-spice.c
Description:

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Display multiple frames (of multiple TCP segments) in COL_INFO Kaul (Sep 27)
- Re: Display multiple frames (of multiple TCP segments) in COL_INFO Stephen Fisher (Sep 27)
  - Re: Display multiple frames (of multiple TCP segments) in COL_INFO Kaul (Sep 29)
    - Re: Display multiple frames (of multiple TCP segments) in COL_INFO Stephen Fisher (Sep 29)