Wireshark-dev: Re: [Wireshark-dev] Stateless Dissection
From: Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
Date: Mon, 23 Jun 2014 01:34:13 +0200
On Sun, Jun 22, 2014 at 05:45:45PM -0400, Evan Huus wrote:
> On Sun, Jun 22, 2014 at 5:25 PM, Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
> wrote:
> 
> > On Sun, Jun 22, 2014 at 05:07:19PM -0400, Evan Huus wrote:
> > > The implementation is a bit of a hack in that stateless dissection still
> > > does all the stateful work, it just throws it away after each packet (so
> > > stateless is actually slightly slower than stateful) but it seems to work
> > > in my simple tests.
> >
> > Great, but I'd like to see also something working for *given* frame number,
> > this would also fix issues with -R (like remove all conversations,
> > reassemblies created by *given* frame number).
> 
> I don't think I understand?

If you have -R "somefilter" and later you drop this frame, the frame number will be reused by
the next one, and this really confuses libwireshark.

It'd be really nice to have the possibility to 'undo' operations done after dissecting the current frame.