|
Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
I will be submitting a redesign of the expert composite statistics in a different email.
Comments? Please apply...
|
Index: expert_dlg.c
===================================================================
--- expert_dlg.c (revision 17611)
+++ expert_dlg.c (working copy)
@@ -83,6 +83,7 @@
{ PI_CHECKSUM, "Checksum" },
{ PI_SEQUENCE, "Sequence" },
{ PI_RESPONSE_CODE, "Response" },
+ { PI_REQUEST_CODE, "Request" },
{ PI_UNDECODED, "Undecoded" },
{ PI_MALFORMED, "Malformed" },
{ PI_REASSEMBLE, "Reassemble" },
Index: proto.h
===================================================================
--- proto.h (revision 17565)
+++ proto.h (working copy)
@@ -259,6 +259,8 @@
#define PI_SEQUENCE 0x0200
/** The protocol field indicates a bad application response code (e.g. HTTP 404), usually PI_NOTE */
#define PI_RESPONSE_CODE 0x0400
+/** The protocol field indicates an application request (e.g. File Handle == xxxx), usually PI_CHAT */
+#define PI_REQUEST_CODE 0x0500
/** The data is undecoded, the protocol dissection is incomplete here, usually PI_WARN */
#define PI_UNDECODED 0x0800
/** The protocol field indicates a reassemble (e.g. DCE/RPC defragmentation), usually PI_CHAT (or PI_ERROR) */
