Wireshark mailing list archives

Re: [Wireshark-commits] master 31ecdf5: Refactor "common" Conversation table functionality.


From: Guy Harris <guy () alum mit edu>
Date: Tue, 29 Jul 2014 01:02:46 -0700


On Jul 28, 2014, at 8:34 PM, mmann78 () netscape net wrote:

> On a related note, I took the "common" Conversation table functionality a step further and "merged in" the 
> hostlist/endpoint functionality (https://code.wireshark.org/review/3214/). Since I don't know a lot about 
> conversations/endpoints, does it make sense to separate the two (from a dissector/epan API standpoint) or combine 
> them? Is it just a "coincidence" that the same dissectors that have conversations, also have endpoints?

No, but...

> Or would it be possible for a dissector to have one without the other?

...yes.

libwireshark has its own notion of "conversations", which we might be able to unify with the conversation table notion.

It also has a notion of "circuits", which are for protocols where you have virtual circuit identifiers independent of 
endpoint identifiers, e.g. X.25.  There might still be endpoint identifiers for those protocols.

> Why is the tap name "hosts" for everything but TCP and UDP (which use "endpoint").

Because, for some protocols, an endpoint identifier identifies a machine (e.g., a MAC address for LAN segment-level 
conversations or an IP address for network-layer conversations) and, for others, they identify an entity on a machine 
(e.g., an IP address plus a port, for TCP connections or UDP conversations).