Wireshark mailing list archives
Re: [Wireshark-commits] master 31ecdf5: Refactor "common" Conversation table functionality.
From: Guy Harris <guy () alum mit edu>
Date: Tue, 29 Jul 2014 01:02:46 -0700
On Jul 28, 2014, at 8:34 PM, mmann78 () netscape net wrote:
On a related note, I took the "common" Conversation table functionality a step further and "merged in" the hostlist/endpoint functionality (https://code.wireshark.org/review/3214/). Since I don't know a lot about conversations/endpoints, does it make sense to separate the two (from a dissector/epan API standpoint) or combine them? Is it just a "coincidence" that the same dissectors that have conversations, also have endpoints?
No, but...
Or would it be possible for a dissector to have one without the other?
...yes. libwireshark has its own notion of "conversations", which we might be able to unify with the conversation table notion. It also has a notion of "circuits", which are for protocols where you have virtual circuit identifiers independent of endpoint identifiers, e.g. X.25. There might still be endpoint identifiers for those protocols.
Why is the tap name "hosts" for everything but TCP and UDP (which use "endpoint").
Because, for some protocols, an endpoint identifier identifies a machine (e.g., a MAC address for LAN segment-level conversations or an IP address for network-layer conversations) and, for others, they identify an entity on a machine (e.g., an IP address plus a port, for TCP connections or UDP conversations). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: [Wireshark-commits] master 31ecdf5: Refactor "common" Conversation table functionality. Jeff Morriss (Jul 28)
- Re: [Wireshark-commits] master 31ecdf5: Refactor "common" Conversation table functionality. Joerg Mayer (Jul 28)
- <Possible follow-ups>
- Re: [Wireshark-commits] master 31ecdf5: Refactor "common" Conversation table functionality. mmann78 (Jul 28)
- Re: [Wireshark-commits] master 31ecdf5: Refactor "common" Conversation table functionality. Guy Harris (Jul 29)