Hi,
That is a very poor way of doing that for several reasons.
1. There may be not only missing packets, but also out-of-sequence packets.
2. There may be more than one packet flow in the capture.
So, the solution is a bit more complex than this.
1. Make a linked list to track seen packet numbers, or make a tap.
2. Use conversations to track multiple packet flows.
Al this is described in the doc/README files and techniques can be found in
various dissectors.
Thanx,
Jaap
Barnes, Pat wrote:
If you use a local static variable in the dissect_yourprot() function,
it will store the number across packets.
eg:
//don't expect this to compile, it's just a mock-up
static int dissect_yourprot(pinfo, tvb, tree) {
static guint32 last_sequence_number = 0;
guint32 sequence_number;
...
sequence_number = tvb_get_ntohl(tvb, 2);
if (last_sequence_number && sequence_number != last_sequence_number
+ 1) {
//gap!
}
last_sequence_number = sequence_number;
...
}
-Patrick
------------------------------------------------------------------------
*From:* wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] *On Behalf Of *Kwan Ng [LAVA]
*Sent:* Thursday, 17 July 2008 7:55 AM
*To:* wireshark-dev@xxxxxxxxxxxxx
*Subject:* [Wireshark-dev] flagging gaps in sequence
Hi,
I’m fairly new to Wireshark development...actually, I just started today.
I wrote a plugin for a UDP based protocol and it’s working fine. The
protocol has a sequence number as the second field (4 bytes, offset = 2
bytes). The sequence numbers are sent sequentially, but since this is
UDP, I am not guaranteed to receive all packets. How can I get the
plugin to check for gaps in the sequence numbers?
Thanks.
Kwan Ng
Development Integration Specialist
