On May 5, 2011, at 1:06 PM, Chris Maynard wrote:

>   Note, however, that you must fill in column information, create
>   conversations, reassemble packets, build any other persistent state
>   needed for dissection, and call subdissectors regardless of whether
>   "tree" is NULL or not.  ...

I.e., there is *no* guarantee that, for all calls to the dissector for a TCP 
segment, pinfo->tcp_tree will be non-null.

If, for example, that's not the case in the first pass through the packets, 
when the capture file is being read, the behavior of TCP reassembly of the 
protocol will be incorrect, because the reassembly depends on *every* segment 
being handed to the dissector in order.

What should be done is:

void dissect_for_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
        tcp_dissect_pdus(tvb, pinfo, tree, TRUE, MESSAGE_HEADER_SIZE,
                         get_message_tcpmessage_len,
                         dissect_message_tcpmessage);
}

and register that as the dissector for TCP and *ONLY* TCP, and have a separate 
dissector for UDP, and register that for UDP.

The two dissectors can possibly share common code; when running over UDP, is 
there one message per UDP datagram, with the messages looking exactly like the 
TCP messages?

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
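
An added illustration, not code from the message above or from Wireshark: a toy length-prefixed reassembler in C showing why every TCP segment has to reach the dissector even when "tree" is NULL. The 2-byte length header, the names feed_segment and run_capture, and the sample segments are all constructed for this example.

```c
#include <stddef.h>
#include <string.h>

#define HDR_SIZE 2   /* assumed framing: 2-byte big-endian body length */
struct stream_state {            /* persistent per-conversation state */
    unsigned char buf[256];
    size_t len;
};

/* Feed one TCP segment; returns PDUs completed, or -1 once framing is lost.
 * `tree` stands in for proto_tree*; `skip_when_no_tree` models a dissector
 * that returns early when tree is NULL. */
static int feed_segment(struct stream_state *st, const unsigned char *seg,
                        size_t seg_len, const void *tree, int skip_when_no_tree)
{
    int pdus = 0;
    if (tree == NULL && skip_when_no_tree)
        return 0;                /* bug: segment never reaches the state */
    if (seg_len > sizeof st->buf - st->len)
        return -1;
    memcpy(st->buf + st->len, seg, seg_len);
    st->len += seg_len;
    while (st->len >= HDR_SIZE) {
        size_t pdu_len = HDR_SIZE + (((size_t)st->buf[0] << 8) | st->buf[1]);
        if (pdu_len > sizeof st->buf)
            return -1;           /* implausible length: stream out of sync */
        if (st->len < pdu_len)
            break;               /* wait for more segments */
        memmove(st->buf, st->buf + pdu_len, st->len - pdu_len);
        st->len -= pdu_len;
        pdus++;
    }
    return pdus;
}

/* Constructed capture: a 5-byte-body PDU split across two segments, then a
 * 1-byte-body PDU. The first segment arrives with tree == NULL. */
static int run_capture(int skip_when_no_tree)
{
    static const unsigned char s1[] = { 0x00, 0x05, 'h', 'e' };
    static const unsigned char s2[] = { 'l', 'l', 'o', 0x00, 0x01, '!' };
    struct stream_state st = { {0}, 0 };
    int shown = 0;               /* address used as a non-NULL "tree" */
    int a = feed_segment(&st, s1, sizeof s1, NULL, skip_when_no_tree);
    int b = feed_segment(&st, s2, sizeof s2, &shown, skip_when_no_tree);
    return (a < 0 || b < 0) ? -1 : a + b;
}

int main(void) { return run_capture(0) == 2 ? 0 : 1; }
```

With the early return enabled, the second segment's payload bytes are read as a length header and the stream never resynchronises.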