Wireshark mailing list archives
Re: What is the best way to create a stateful dissector?
From: Bill Meier <wmeier () newsguy com>
Date: Tue, 22 Nov 2011 19:18:35 -0500
On 11/22/2011 7:02 PM, Bill Meier wrote:
So, it may be the case that you'll need to store "per-frame" info about any decisions made as to how to dissect a particular packet based upon a previous packet. When an arbitrary packet is then dissected again later the associated per-packet info is used to do the dissection in the same way as done during the first sequential pass.
Or: If the nature of the state info is akin to "setup" info which once seen applies to all the following packets of a conversation then use of a conversation should be sufficient.
(Of course your dissector will need to handle the case wherein a capture "starts in the middle" such that info from a previous packet is not available).
If the state info can be different for each of the streams then you may want to use a GHashtable associated with a conversation to store info for each individual stream associated with a conversation (connection).
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- What is the best way to create a stateful dissector? Kenny Ho (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a statefuldissector? Kenny Ho (Nov 23)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)
- Re: What is the best way to create a stateful dissector? Bill Meier (Nov 22)