Ethereal-dev: Re: [ethereal-dev] filter question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Fri, 11 Aug 2000 11:12:08 -0400
On Fri, Aug 11, 2000 at 01:11:18PM +0200, Uwe Girlich wrote:
> Hello!
> 
> I have attached a tcpdump file with one NFS and one NLM packet. Both are
> related to the same file (file handle). If I try to "Match Selected" in the
> 2nd (NLM) packet for
> NLM/object/file number/inode

(The second packet is shown as NFS, not NLM: NFS/object/file number/inode)

> I get the display filter expression 
> "nfs.fh.fn == 225737"
> but this filter finds only the 1st (NFS) packet.

(the first packet is shown as NLM)
 
> Does this mean, that the first part of a variable name "nfs.fh.fn" -> "nfs"
> leads to packets with this protocol only?

Yes. Here's the relevant section of proto.c:

/* Return GPtrArray* of field_info pointers for all hfindex that appear in tree
 * (we assume that a field will only appear under its registered parent's subtree) */
GPtrArray*
proto_get_finfo_ptr_array(proto_tree *tree, int id)
{
 ....

This assumption was made as an optimization; it avoids having to
search the entire proto_tree for every field. BTW, parenthood is not
defined by the string itself. That is, "nfs.fh.fn" is not assumed
to be a child of "nfs" proto because of its name. Parenthood is
defined by the registration process --- the proto that you pass
to proto_register_field_array() is the parent of the array of fields
that you are registering.

There are various solutions that immediately come to mind:

1. Assume a field can appear *anywhere* and search the entire tree
for every instance of a field. This is less than optimal, because
that's a lot of extra searching.

2. Create the ability to register multiple parent protocols
for a set of fields.

3. Register some fields as "ubiquitous", allowing only these fields
to appear anywhere. Only these fields are searched for across
the entire tree; all other fields are searched for only under their
parent protocol.

--gilbert
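
The lookup behaviour described in this message, as an added example that is not part of the original e-mail and is not Ethereal's code: a small C model comparing the parent-only search with the search-everywhere approach of option 1. The node layout, the numeric ids and the function names are assumptions made for illustration; only the filter value 225737 comes from the thread.

```c
#include <stdio.h>

/* Hypothetical ids for this sketch; not Ethereal's real hfindex values. */
enum { PROTO_NFS = 1, PROTO_NLM = 2, HF_NFS_FH_FN = 10 };

typedef struct node {
    int id;                     /* protocol id or field id */
    long value;                 /* field value; 0 for protocol nodes */
    struct node *child, *next;  /* first child, next sibling */
} node;

/* Registration table: each field has exactly one parent protocol. */
static int registered_parent(int field_id) {
    return field_id == HF_NFS_FH_FN ? PROTO_NFS : 0;
}

/* Option 1 from the message: visit every node, wherever the field sits. */
static int count_anywhere(const node *n, int field_id, long value) {
    int hits = 0;
    for (; n != NULL; n = n->next) {
        if (n->id == field_id && n->value == value)
            hits++;
        hits += count_anywhere(n->child, field_id, value);
    }
    return hits;
}

/* The optimization: descend only into the registered parent's subtree. */
static int count_under_parent(const node *root, int field_id, long value) {
    int hits = 0;
    for (const node *p = root; p != NULL; p = p->next)
        if (p->id == registered_parent(field_id))
            hits += count_anywhere(p->child, field_id, value);
    return hits;
}

/* Constructed packets: the same file-handle field under each protocol. */
static node fh_a = { HF_NFS_FH_FN, 225737, NULL, NULL };
static node fh_b = { HF_NFS_FH_FN, 225737, NULL, NULL };
static node nfs_packet = { PROTO_NFS, 0, &fh_a, NULL };
static node nlm_packet = { PROTO_NLM, 0, &fh_b, NULL };

int main(void) {
    printf("nlm packet: parent-only=%d, anywhere=%d\n",
           count_under_parent(&nlm_packet, HF_NFS_FH_FN, 225737),
           count_anywhere(&nlm_packet, HF_NFS_FH_FN, 225737));
    return 0;
}
```

The parent-only search misses the field in the packet where it sits under the other protocol's subtree, which is the behaviour reported in the quoted question.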