Wireshark-dev: Re: [Wireshark-dev] Conversation tracking

From: Tobias Weiss <tweiss@xxxxxxxxxxxxxxx>
Date: Thu, 10 May 2012 17:54:44 -0400

Thanks, this is working just fine.

But in that case I suggest an update to README.developer as I copied the buggy source-code from there.

Tobi




Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx

05/10/2012 01:07 PM
Please respond to
Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>

To
Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
cc
Subject
Re: [Wireshark-dev] Conversation tracking






---- On Thu, 10 May 2012 10:26:46 -0600 Tobias Weiss  wrote ----

>I'm using conversation tracking and ran into an issue. My code looks like this (as suggested in the README.developer):
>
>conv = find_conversation(pinfo->fd->num,
>    &pinfo->src,
>    &pinfo->dst,
>    pinfo->ptype,
>    pinfo->srcport,
>    pinfo->destport,
>    0);
>
>if(conv != NULL) { get conversation data }
>else { create conversation data with se_alloc() and add it to the conversation }
>
>When the dissectors main function is called for the first time, find_conversation() returns a non-null pointer! As far as I understood it should return 0 as conversation_new() was never called for this address/port combination yet. What am I missing here?

Using a dissector I wrote, packet-exec.c, as an example, I first called find_or_create_conversation(), then conversation_get_proto_data() and then check the return of that second function to see if I need to create the data:

       conversation = find_or_create_conversation(pinfo);

       /* Retrieve information from conversation
        * or add it if it isn't there yet
        */
       hash_info = conversation_get_proto_data(conversation, proto_exec);
       if(!hash_info){
               hash_info = se_alloc(sizeof(exec_hash_entry_t));

<<< set the variables here >>>

               conversation_add_proto_data(conversation, proto_exec, hash_info);
       }

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe