Ethereal-dev: Re: [ethereal-dev] Keeping state and name tables

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 5 Oct 1999 13:39:05 -0700 (PDT)
> So, in dissect_smb, I want to do something like:
> 
>    src_ip = get_src_ip(packet);
>    dst_ip = get_dst_ip(packet);
>    src_port = get_src_port(packet);
>    dst_port = get_dst_port(packet);
> 
>    state_block = hash_new_state(src_ip, dst_port, src_port, dst_port,
> sizeof(state_block));
> 
>    state_block -> Transact_Command = command;

Would stuff like the "transact" command be associated with source and
destination addresses ("addresses" here means network-layer address plus
transport-layer port information), or with packets?

I.e., store, with requests known to have a response that, to be decoded,
requires information from the request, that information, and store, for
each request of that sort, in another database, indexed by source and
destination addresses and "transaction ID" (multiplexor ID, if I
remember correctly, for SMB; transaction ID for ONC RPC), either a
pointer to that stored information, or to the request's frame, or both. 
Then, when a response is seen, look it up by addresses and transaction
ID.

(Storing a reference to the frame could let you add, in the protocol
tree for a reply, an entry saying "this is a reply to a request starting
in frame XXX" - "snoop" prints out that, as I remember, at least for ONC
RPC requests.)