Hi,
Le mercredi 10 septembre 2008 à 08:16 +0200, Peter Johansson a écrit :
> 2008/9/10 Maynard, Chris <[EMAIL PROTECTED]>
> In the case of packet-bittorrent.c there should really be a call to
> find_conversation preceeding the call to conversation_new although I
> can see the reason for why the implementor did not do this (if there
> is some thought behind it and not just a slip).
>
> Since the call to conversation_new is (only) part of the heuristic
> dissection, this means that packet-bittorrent attempts to find
> bittorrent traffic on (especially) other ports than the pre-defined
> ones. When such a port is found it is very unlikely that the 4-tuple
> that defines the connection (src and dest IP addresses and ports) will
> already have been seen by the dissector before. Hence, it is very
> unlikely that a second conversation_new would occur for the same
> 4-tuple that has been used in packet-bittorrent's conversation_new
> before, but not impossible of course.
>
TCP dissector always creates a conversation...
A little OT but most dissectors do something like:
c = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
if (c == NULL) {
c = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
}
Factorizing it in a new function:
c = get_packet_conversation(pinfo);
may help.
Didier
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev
