Re: Conversation tracking

[Stephen Fisher <steve () stephen-fisher com>]

---- On Fri, 11 May 2012 09:46:45 -0600 Stephen Fisher  wrote ---- 

> Are you trying to keep track of where the current packet belongs in the whole conversation? The exec dissector I 
> previously mentioned (packet-exec.c) does this. Look at the exec_hash_entry_t struct up toward the top. A more 
> advanced (overly complex) version of this is in the VNC dissector (packet-vnc.c). In the VNC dissector, we use both 
> per conversation data (such as conversation_add_proto_data) and per packet info (such as p_get_proto_data).

I forgot to mention that this works because the first time Wireshark loads a capture file or captures off the wire, the 
packets are dissected in order and only after that can the user click on them in a random order.   You'll only want to 
update conversation/per-packet information while tracking the order of the conversation the first pass through (the 
variable pinfo->fd->flags.visited or the macro version PINFO_FD_VISITED() from epan/frame_data.h may be helpful here).


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe