Ethereal-dev: Re: [Ethereal-dev] Info about conversation

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 2 Oct 2003 14:32:17 -0700

On Oct 2, 2003, at 1:29 PM, Emanuele Caratti wrote:

> In the TACACS+ dissector I'm writing, I use the conversation with NO_PORT2
> (btw, I'm curious, why NO_PORT_2 in conversation_new and NO_PORT_B in
> find_conversation? :) )

So that people don't get confused and think that the first and second port numbers passed to "conversation_new()" necessarily correspond, in that order, to the first and second port numbers passed to "find_conversation()" - the conversation might have been created from a packet going in one direction, but it might be looked up for a packet going in the opposite direction, with the port numbers reversed.

(Yes, this was, as I remember, inspired by somebody getting confused in that fashion. They might, as I remember, have been confused by the argument names, rather than the #define names, but having changed the argument names, it made sense to change the #define names also.)

> to match the connection between a server (port 49) and
> a client (whatever port), and find the right encryption key.

> After I create the conversation, I set the dissector, so it will be called
> from try_conversation_dissector, after a successful find_conversation.
> In the dissector, is it possible to retrieve the conversation pointer
> without redoing the find_conversation?

If you've called "conversation_new()", yes - use the result of "conversation_new()".

If you haven't, no - the only way to find a conversation to which a packet might belong is to look it up, and that's done with "find_conversation()".

The code typically looks like

	conversation = find_conversation(...);
	if (conversation == NULL) {
		/* There's no conversation - create one. */
		conversation = conversation_new(...);
	}

> And is there a way to create a "flags" subtree, like the one of tcp, but without creating all the variables, i.e. only tcp.flags, but not tcp.flags.*?

Creating a subtree without the intent of putting something under it is pointless, so presumably you either

1) want to create a subtree, but you don't know, at the time you'd create it, whether you'll be putting anything under it or not

or

2) want to create a subtree, but just put stuff under it with "proto_tree_add_text()".

Both of those are possible. You create a subtree with "proto_item_create_subtree()", which requires no named fields, so the way you create a subtree without named fields under it is the same way you create a subtree with named fields under it - you just don't put any named fields into that tree.

> Last question: with gtk2 all the subtrees, for example the tcp.flags, keep closing while browsing through the packet in the Top Pane; with gtk1 they
> stay open.

There's probably a bug in the GTK+ 2.x version of the Ethereal GUI code so that, when a protocol tree entry is expanded, the "expand_tree()" callback function isn't called for that row, so that it never sets the "this particular tree is expanded" flag, or so that it's not getting the correct field_info data structure for the row in question, so that it doesn't set the "this particular tree is expanded" flag for that row, or so that the code to draw that tree as expanded if that flag is set doesn't work.

I don't know which of those is the case, if any.
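
The direction-independent lookup described in the reply above, as an added example that is not part of the original message and is not Ethereal's conversation code. It is a toy table in which the `toy_*` names, `WILDCARD_PORT2` (a stand-in for a wildcarded second port), and the addresses, client port and key label are all constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy model only: hypothetical names, not the Ethereal API. */
#define WILDCARD_PORT2 0x1u   /* second port unknown when the entry is created */

typedef struct {
    uint32_t addr1, addr2;
    uint16_t port1, port2;
    unsigned options;
    const char *key;          /* per-conversation data, e.g. which key to use */
} conv_t;

static conv_t table[8];
static size_t n_convs;

/* Create an entry from whichever packet happened to be seen first. */
conv_t *toy_conversation_new(uint32_t a1, uint32_t a2, uint16_t p1,
                             uint16_t p2, unsigned opt, const char *key)
{
    if (n_convs == sizeof table / sizeof table[0])
        return NULL;          /* table full */
    conv_t *c = &table[n_convs++];
    *c = (conv_t){ a1, a2, p1, p2, opt, key };
    return c;
}

/* Does the stored entry match the endpoints taken in this order? */
static int match(const conv_t *c, uint32_t a1, uint32_t a2, uint16_t p1, uint16_t p2)
{
    return c->addr1 == a1 && c->addr2 == a2 && c->port1 == p1 &&
           ((c->options & WILDCARD_PORT2) || c->port2 == p2);
}

/* "a" and "b" are the packet's two endpoints in either order, not "1" and "2". */
conv_t *toy_find_conversation(uint32_t a, uint32_t b, uint16_t pa, uint16_t pb)
{
    for (size_t i = 0; i < n_convs; i++)
        if (match(&table[i], a, b, pa, pb) || match(&table[i], b, a, pb, pa))
            return &table[i];
    return NULL;
}

/* Constructed sample: server 10.0.0.1 port 49, client 10.0.0.2 port 40001. */
int toy_demo(void)
{
    conv_t *c = toy_conversation_new(0x0a000001, 0x0a000002, 49, 0, WILDCARD_PORT2, "key-A");
    return c && toy_find_conversation(0x0a000002, 0x0a000001, 40001, 49) == c
             && toy_find_conversation(0x0a000001, 0x0a000002, 49, 40001) == c;
}
```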