Wireshark-dev: Re: [Wireshark-dev] SCPS dissector.
On Oct 6, 2008, at 8:09 AM, Cosmin Craciunescu wrote:
One problem is in order to dissect IP protocol 0x69 (SCPS)
SCPS compressed TCP, that is (according to the SCPS-NS specification).
I need to
have access to information from the TCP packet with the SYN flag for
this connection (it's a convoluted protocol).
I.e., the connection starts out using TCP (protocol 6) and then
switches to compressed-header TCP (protocol 105)?
Does the initial SYN always have SCPS options? If so,
dissect_tcpopt_scps() in the TCP dissector could attach the relevant
information to the conversation for the TCP connection, and the SCPS
dissector could look for the TCP conversation and use that
information. If not, the TCP dissector might have to have an option
to create a conversation and attach the relevant data (if it already
does so, it probably needs to have that controlled by an option, so
that a TCP capture with a SYN flood doesn't cause a lot of
conversations to be allocated - that was an issue with tcpdump, which
allocates a conversation data structure by default).