On 10/03/2013, at 6:49 PM, mman...@netscape.net wrote:
> I think you need a combination of a conversation and frame data.
>
> Only on the first pass (!pinfo->fd->flags->visited), create and track the
> conversation. Also write the current sequence number to the frame data
> (p_add_proto_data).
> On subsequence passes (pinfo->fd->flags->visited), just use the frame data
> you set earlier (p_get_proto_data).
> tree will NULL on first pass (in Wireshark), but this logic should be "tree
> independent" and should just use the visited flag.
That's done it :-)
For the record, the combination of a) tracking sequence numbers outside the 'if
(tree) { ... }', b) using pinfo->fd->flags.visited to increment the sequence
number only once per PDU, and, c) storing the assigned number in the frame's
private data using p_add_proto_data() appears to have worked correctly.
Thanks to you both for your help,
d
> -----Original Message-----
> From: David Arnold <dav...@pobox.com>
> To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
> Sent: Sun, Mar 10, 2013 1:32 pm
> Subject: Re: [Wireshark-dev] Dissector question
>
> On 10/03/2013, at 5:13 PM, Evan Huus wrote:
>
> Hi Evan,
>
> Thanks for your help.
>
> <...>
>
> > I'm not sure I follow this. Can't you simply store the most recent
> > sequence number in the conversation struct, and increment it for each
> > PDU received?
>
> I tried to do this, and perhaps I just got it (slightly) wrong.
>
> In my foo_dissect() function, I looked up the conversation, grabbed the
> latest
> sequence number, incremented it, and wrote it back to the conversation. I
> displayed it in the tree_item for the PDU, and in the COL_INFO, which was
> basically what I was after.
>
> The issues I had seemed to be related to when my dissection function was
> called:
> if I scrolled from start to end of the capture, it was fine. If I jumped to
> the
> final frame, the sequence number wasn't incremented for the intervening PDUs.
>
> Perhaps I need it to be done outside my if (tree) { ... } ?
>
> Thanks again; any suggestions appreciated,
>
>
>
> d
>
>
>
>
> >
> > Evan
> > ___________________________________________________________________________
> > Sent via: Wireshark-dev mailing list <
> wireshark-dev@wireshark.org
> >
> > Archives:
> http://www.wireshark.org/lists/wireshark-dev
>
> > Unsubscribe:
> https://wireshark.org/mailman/options/wireshark-dev
>
> >
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <
> wireshark-dev@wireshark.org
> >
> Archives:
> http://www.wireshark.org/lists/wireshark-dev
>
> Unsubscribe:
> https://wireshark.org/mailman/options/wireshark-dev
>
>
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
