Wireshark mailing list archives
pinfo->fd->flags.visited and NFS
From: Ian Schorr <ian.schorr () gmail com>
Date: Thu, 14 Jan 2010 16:13:58 +1100
Hi all,

I'm in the process of making some improvements to the NFSv4 dissector and running into some problems - hoping for some insight.

I've never spent any time with the pinfo "flags.visited" flag, or any of the logic that takes Wireshark through multiple passes processing the same packet. In what sort of circumstances would pinfo->fd->flags.visited actually be SET?

In this case I'm expanding the NFSv2/v3 "File handle snooping" logic to support NFSv4 as well. At a certain point, nfs_name_snoop_fh() is called. I'm finding that when this is called while processing NFSv4 frames, the frame has already been "visited" and this flag is set. This causes a conditional to fail and none of the FH snooping code is run. However, this flag is FALSE when called by nfsv3.

I'm not clear on what's different about the NFSv4 processing that could cause it to be "visiting" this frame before the FH processing is done (which is called as part of the main dissection code, and as far as I know is called directly from ONC-RPC dissection, at the exact same point as NFSv3).

I'm also finding that everything works "normally" if I remove that check - both with NFSv3 and v4. But I'm assuming that removing this check causes something inefficient to happen - unnecessary second processing of FHs when dissecting with NFSv3, some extra memory usage, or something. But not clear what.

If I understood more about how/when this flag would be changed, and what a dissector could do that would lead to a "second processing pass" where this flag is set, I'd have a better chance of figuring out what I can do about the problem.

Or if anyone knows the NFS/RPC dissectors well and wants to weigh in, that'd be great too =)

Thanks,
Ian