It is often useful to enhance dissectors for request/response style protocols
to match requests with responses.
This allows you to display useful information in the decode tree such as which
-requests are matched to which response and the response time for individual
+requests are matched to which response and the response time for individual
transactions.
This is also useful if you want to pass some data from the request onto the
dissection of the actual response. The RPC dissector for example does
-something like this to pass the actual command opcode from the request onto
-the response dissector since the opcode itself is not part of the response
+something like this to pass the actual command opcode from the request onto
+the response dissector since the opcode itself is not part of the response
packet and without the opcode we would not know how to decode the data.
-It is also useful when you need to track information on a per conversation
-basis such as when some parameters are negotiated during a login phase of the
+It is also useful when you need to track information on a per conversation
+basis such as when some parameters are negotiated during a login phase of the
protocol and when these parameters affect how future commands on that session
-are to be decoded. The iSCSI dissector does something similar to that to track
+are to be decoded. The iSCSI dissector does something similar to that to track
which sessions that HeaderDigest is activated for and which ones it is not.
2. Implementation
The example below shows how simple this is to add to the dissector IF:
1. there is something like a transaction id in the header,
-2. it is very unlikely that the transaction identifier is reused for the
+2. it is very unlikely that the transaction identifier is reused for the
same conversation.
The example is taken from the PANA dissector:
-First we need to include the definitions for conversations and memory
+First we need to include the definitions for conversations and memory
management.
#include <epan/conversation.h>
#include <epan/emem.h>
-Then we also need a few header fields to show the relations between request
+Then we also need a few header fields to show the relations between request
and response as well as the response time.
static int hf_pana_response_in = -1;
static int hf_pana_response_to = -1;
static int hf_pana_time = -1;
-We need a structure that holds all the information we need to remember
-between the request and the responses. One such structure will be allocated
+We need a structure that holds all the information we need to remember
+between the request and the responses. One such structure will be allocated
for each unique transaction.
In the example we only keep the frame numbers of the request and the response
as well as the timestamp for the request.
-But since this structure is persistent and also a unique one is allocated for
+But since this structure is persistent and also a unique one is allocated for
each request/response pair, this is a good place to store other additional
data you may want to keep track of from a request to a response.
nstime_t req_time;
} pana_transaction_t;
-We also need a structure that holds persistent information for each
-conversation. A conversation is identified by SRC/DST address, protocol and
+We also need a structure that holds persistent information for each
+conversation. A conversation is identified by SRC/DST address, protocol and
SRC/DST port, see README.developer.
-In this case we only want to have a binary tree to track the actual
+In this case we only want to have a binary tree to track the actual
transactions that occur for this unique conversation.
Some protocols negotiate session parameters during a login phase and those
parameters may affect how later commands on the same session is to be decoded,
emem_tree_t *pdus;
} pana_conv_info_t;
-Finally for the meat of it, add the conversation and tracking code to the
+Finally for the meat of it, add the conversation and tracking code to the
actual dissector.
...
seq_num = tvb_get_ntohl(tvb, 8);
...
- /*
+ /*
* We need to track some state for this protocol on a per conversation
* basis so we can do neat things like request/response tracking
*/
- /*
- * Do we have a conversation for this connection?
- */
- conversation = find_conversation(pinfo->fd->num,
- &pinfo->src, &pinfo->dst,
- pinfo->ptype,
- pinfo->srcport, pinfo->destport, 0);
- if (conversation == NULL) {
- /* We don't yet have a conversation, so create one. */
- conversation = conversation_new(pinfo->fd->num,
- &pinfo->src, &pinfo->dst,
- pinfo->ptype,
- pinfo->srcport, pinfo->destport, 0);
- }
+ conversation = find_or_create_conversation(pinfo);
+
/*
* Do we already have a state structure for this conv
*/
git.samba.org / obnox / wireshark / wip.git / blobdiff