Wireshark · Wireshark-dev: Re: [Wireshark-dev] question related to create a statistics

Wireshark-dev: Re: [Wireshark-dev] question related to create a statistics

Date: Tue, 17 Mar 2009 13:45:21 +0100

Hi,
Le lundi 16 mars 2009 à 13:39 +0100, Toralf Förster a écrit :
> Hello,
> 
> for the attached dissector 
> (https://www.wireshark.org/lists/wireshark-users/200902/msg00197.html) I'm 
> wondering why the statistics doesn't work as expected. The attached tcp 
> packet contains 2 sametime messages. The 1st message is of type "channel
You can't reuse the same sinfo structure, you have to allocate one per
PDU. ep_alloc is ok for that:

sinfo = ep_alloc(sizeof(struct SametimeTap ));
 
More remarks:

- Don't put all your code in one big 'if (tree) {}' block. If you don't
expect thousand of packets/second don't bother with 'if (tree)' at all. 

- tcp_dissect_pdus with a minimum size of 0? it won't be able to
reassemble all cases, as a matter of I'm not sure that the
tcp_dissect_xxx really works with a size of 0.
 
With your protocol structure, as describe in the dissector, you can't
use tcp_dissect_pdus reliably. 
It doesn't work if in the same tcp segment you have:
<heart beat><long packet>

With <hear beat> size <= 4
and <long packet> size > 8
For long packet you must use 8 as tcp_dissect_pdus parameter, and so on.

There's no easy workaround though.

Didier

References:
- [Wireshark-dev] question related to create a statistics
  - From: Toralf Förster

Prev by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 27748: /trunk/plugins/profinet/ /trunk/plugins/profinet/: Makefile.common crc16.c crc16.h moduleinfo.h moduleinfo.nmake packet-dcerpc-pn-io.c packet-pn-rt.c
Next by Date: Re: [Wireshark-dev] Win64 build support
Previous by thread: [Wireshark-dev] question related to create a statistics
Next by thread: [Wireshark-dev] Hello to the list and a nested dissector
Index(es):
- Date
- Thread