Wireshark mailing list archives
Re: What is the best way to create a stateful dissector?
From: Kenny Ho <kho () vixs com>
Date: Wed, 23 Nov 2011 09:16:05 -0500
Awesome! Thanks for all the information and advice.

Kenny

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Bill Meier
Sent: November-22-11 7:19 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] What is the best way to create a stateful dissector?

On 11/22/2011 7:02 PM, Bill Meier wrote:
So, it may be the case that you'll need to store "per-frame" info about any decisions made as to how to dissect a particular packet based upon a previous packet. When an arbitrary packet is then dissected again later the associated per-packet info is used to do the dissection in the same way as done during the first sequential pass.
Or: If the nature of the state info is akin to "setup" info which once seen applies to all the following packets of a conversation then use of a conversation should be sufficient. (Of course your dissector will need to handle the case wherein a capture "starts in the middle" such that info from a previous packet is not available). If the state info can be different for each of the streams then you may want to use a GHashtable associated with a conversation to store info for each individual stream associated with a conversation (connection).

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
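A self-contained C model of the two storage choices discussed in this thread (conversation state versus a per-frame saved decision), added here as an illustration and not code from Wireshark or from either poster. The packet layout, the `dissect` and `redissect` functions and the sample capture are constructed for the example; a real dissector would keep this state through Wireshark's conversation and per-frame data facilities rather than static arrays.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FRAMES   8
#define MAX_CONVS    2
#define MODE_UNKNOWN 0  /* no SETUP seen yet: capture started mid-stream */

/* Constructed toy packet: a SETUP sets the mode that decodes later DATA. */
typedef struct { int num, conv, is_setup, mode; } packet_t;

static const packet_t capture[] = {   /* constructed sample capture */
    {0, 1, 0, 0},   /* DATA on conv 1, its SETUP was never captured */
    {1, 0, 1, 1},   /* SETUP on conv 0: mode 1 */
    {2, 0, 0, 0},   /* DATA on conv 0 */
    {3, 0, 1, 2},   /* SETUP on conv 0: mode changes to 2 */
    {4, 0, 0, 0},   /* DATA on conv 0 */
};
#define N_PKTS ((int)(sizeof capture / sizeof capture[0]))

static int conv_mode[MAX_CONVS];    /* per-conversation state, in capture order */
static int frame_mode[MAX_FRAMES];  /* per-frame decision saved on first pass */
static int visited[MAX_FRAMES];     /* frame already dissected once? */

/* Returns the mode used to decode pkt; later passes reuse the saved value. */
static int dissect(const packet_t *pkt) {
    if (!visited[pkt->num]) {                  /* first, sequential pass */
        if (pkt->is_setup) conv_mode[pkt->conv] = pkt->mode;
        frame_mode[pkt->num] = conv_mode[pkt->conv];
        visited[pkt->num] = 1;
    }
    return frame_mode[pkt->num];
}

/* Loads the capture in order, then re-dissects frame idx as a click would.
 * naive != 0 reads the live conversation state instead of the saved value. */
static int redissect(int idx, int naive) {
    if (idx < 0 || idx >= N_PKTS) return -1;
    memset(conv_mode, 0, sizeof conv_mode);
    memset(visited, 0, sizeof visited);
    for (int i = 0; i < N_PKTS; i++) dissect(&capture[i]);
    return naive ? conv_mode[capture[idx].conv] : dissect(&capture[idx]);
}

int main(void) {
    printf("frame 2 saved=%d naive=%d\n", redissect(2, 0), redissect(2, 1));
    printf("frame 0 (no SETUP seen)=%d\n", redissect(0, 0));
    return 0;
}
```

Frame 2 decodes with mode 1 when the saved per-frame value is used, but with mode 2 when the live conversation state is read after the whole capture has been loaded.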