Wireshark-dev: Re: [Wireshark-dev] Request/Response tracking with multiple responses
On Fri, Jun 20, 2008 at 6:26 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
Thomas Boehne wrote:
> I followed the README.request_response_tracking to add
> request/response tracking to a UDP based protocol, but the protocol
> sometimes sends multiple responses to a single request. Does anybody
> know of a dissector that handles this case properly, so that I could
> take a look at the code?
I don't know of any. I don't know of many protocols where multiple
responses are sent to a single request (other than responses sent to
retransmitted requests).
SIP is an example. A single request may have one or more provisional responses e.g. progress, ringing, before the final response is received.
Responses currently track back to the request (and show a response time), but the request doesn't currently track forward to its response(s).
There I wasn't sure if I should have a different filter for the first response time (since this is the one that is probably of most interest), possibly also the last. I also considered adding a generated field to responses to say that they are the nth response to the same request. This would let someone isolate the first responses if they wanted to, e.g.
sip.response.nth == 1
> Or is it basically just a matter of extending the pana_transaction_t
> struct (see below) to handle a list of replies, and then iterate
> through it?
>
> typedef struct _pana_transaction_t {
>     guint32 req_frame;
>     guint32 rep_frame;
>     nstime_t req_time;
> } pana_transaction_t;
I.e., instead of a guint32 rep_frame, have a list of frames, or a GArray
of frame numbers, or something such as that?
That's pretty much what I had in mind to do for SIP.
That's probably the right answer.
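
An added example, not part of the thread or of Wireshark's source: the list-of-reply-frames idea discussed above, where each recorded response gets a 1-based position that a generated "nth response" field could carry. The names `multi_transaction_t` and `mt_*` are hypothetical, and `uint32_t`, `double` and a `realloc`-grown array stand in for `guint32`, `nstime_t` and a `GArray` so the block compiles without GLib.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical multi-response transaction record (not Wireshark source). */
typedef struct {
    uint32_t  req_frame;   /* frame number of the request */
    double    req_time;    /* request timestamp, seconds (stand-in for nstime_t) */
    uint32_t *rep_frames;  /* response frame numbers, in arrival order */
    size_t    rep_count;   /* responses recorded so far */
    size_t    rep_cap;     /* allocated slots in rep_frames */
} multi_transaction_t;

void mt_init(multi_transaction_t *t, uint32_t req_frame, double req_time)
{
    *t = (multi_transaction_t){ .req_frame = req_frame, .req_time = req_time };
}

/* Record a response frame and return its 1-based position (the "nth
 * response"). The same frame can be dissected more than once, so a frame
 * that is already listed returns its existing position instead of being
 * appended again. Returns 0 if memory cannot be allocated. */
size_t mt_add_response(multi_transaction_t *t, uint32_t frame)
{
    for (size_t i = 0; i < t->rep_count; i++)
        if (t->rep_frames[i] == frame)
            return i + 1;
    if (t->rep_count == t->rep_cap) {
        size_t cap = t->rep_cap ? t->rep_cap * 2 : 4;
        uint32_t *p = realloc(t->rep_frames, cap * sizeof *p);
        if (p == NULL)
            return 0;
        t->rep_frames = p;
        t->rep_cap = cap;
    }
    t->rep_frames[t->rep_count++] = frame;
    return t->rep_count;
}

/* Seconds elapsed between the request and a response seen at rep_time. */
double mt_response_time(const multi_transaction_t *t, double rep_time)
{
    return rep_time - t->req_time;
}

void mt_free(multi_transaction_t *t)
{
    free(t->rep_frames);
    mt_init(t, t->req_frame, t->req_time);  /* reset to an empty list */
}
```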