Re: Dissector question

[David Arnold <davida () pobox com>]

On 10/03/2013, at 6:49 PM, mmann78 () netscape net wrote:

> I think you need a combination of a conversation and frame data.
>  
> Only on the first pass (!pinfo->fd->flags->visited), create and track the conversation. Also write the current 
> sequence number to the frame data (p_add_proto_data).
> On subsequence passes (pinfo->fd->flags->visited), just use the frame data you set earlier (p_get_proto_data).
> tree will NULL on first pass (in Wireshark), but this logic should be "tree independent" and should just use the 
> visited flag.

That's done it :-)

For the record, the combination of a) tracking sequence numbers outside the 'if (tree) { ... }', b) using 
pinfo->fd->flags.visited to increment the sequence number only once per PDU, and, c) storing the assigned number in the 
frame's private data using p_add_proto_data() appears to have worked correctly.

Thanks to you both for your help,




d



> -----Original Message-----
> From: David Arnold <davida () pobox com>
> To: Developer support list for Wireshark <wireshark-dev () wireshark org>
> Sent: Sun, Mar 10, 2013 1:32 pm
> Subject: Re: [Wireshark-dev] Dissector question
>
> On 10/03/2013, at 5:13 PM, Evan Huus wrote:
>
> Hi Evan,
>
> Thanks for your help.
>
> <...>
>
> > I'm not sure I follow this. Can't you simply store the most recent
> > sequence number in the conversation struct, and increment it for each
> > PDU received?
>
> I tried to do this, and perhaps I just got it (slightly) wrong.
>
> In my foo_dissect() function, I looked up the conversation, grabbed the latest 
> sequence number, incremented it, and wrote it back to the conversation.  I 
> displayed it in the tree_item for the PDU, and in the COL_INFO, which was 
> basically what I was after.
>
> The issues I had seemed to be related to when my dissection function was called: 
> if I scrolled from start to end of the capture, it was fine.  If I jumped to the 
> final frame, the sequence number wasn't incremented for the intervening PDUs.
>
> Perhaps I need it to be done outside my  if (tree) { ... } ?
>
> Thanks again; any suggestions appreciated,
>
>
>
> d
>
>
>
>
> > Evan
> > ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <
> wireshark-dev () wireshark org
> > Archives:    
> http://www.wireshark.org/lists/wireshark-dev
>
> > Unsubscribe: 
> https://wireshark.org/mailman/options/wireshark-dev
>
> >             
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <
> wireshark-dev () wireshark org
> >
> Archives:    
> http://www.wireshark.org/lists/wireshark-dev
>
> Unsubscribe: 
> https://wireshark.org/mailman/options/wireshark-dev
>
>              
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe