Wireshark mailing list archives
Re: What is the best way to create a stateful dissector?
From: Bill Meier <wmeier () newsguy com>
Date: Tue, 22 Nov 2011 18:38:35 -0500
On 11/22/2011 6:19 PM, Kenny Ho wrote:
Hi, I am writing my first dissector and it needs to dissect a packet base on some information in previous packets. The protocol also allows multiple of these stream mux together. What is the best way to create a stateful dissector? From the dev guide, I notice there are two different mechanisms that is "stateful" - the tap and the "conversation". From what I can tell, tap seems to be for post-processing of stats only. So is the "conversation" mechanism the best way to implement a stateful dissector?
Yes: In addition to the dev guide, see doc/README.developer.
Did I miss any some other mechanism?
Note that it's possible (but less desirable due to memory usage) to store "per-packet" state info (see README.developer section 2.5). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- What is the best way to create a stateful dissector? Kenny Ho (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a statefuldissector? Kenny Ho (Nov 23)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)