Epan, dissect a packet as independent one

I'm trying to implement a custom Epan lib API for packet dissection. Currently I'm done with packet dissection and everything works fine. But when I tried to dissect a packet as independent (out of the flow, stream) I ran into a problem... Example: I have some 10 packets that are a TCP stream and one extra that is not connected to the stream, and I want to dissect this extra packet as independent, meaning I do not want to add this packet to the dissection history or save any data of this packet in the dissectors' flow.

How I dissect the stream:

    epan_t* stream_epan = epan_new(NULL, &g_funcs);
    /* Performing dissection for the whole sequence of TCP stream packets */
    /* ... */
    epan_dissect_run(g_edt, g_filetype_subtype, &reclocal, tvb, &fdlocal, &g_cinfo);
    /* ... */
    /* Trying to create a new independent epan instance, but this causes an exception; it seems I cannot create a new epan instance after one has already been created... */
    epan_t* independent_epan = epan_new(NULL, &g_funcs);

How can I actually dissect some packets correctly as independent, as I described above? How does WS do it, or is this impossible? Or does it work only with reading a file and provider creation? Or how? Can somebody explain to me how I can make it possible?

I'm also having some weird issues when I create an epan session locally in a function:

    epan_t* local_epan = epan_new(NULL, &g_funcs);
    /* ... dissection procedure */
    epan_free(local_epan);

After this function I'm not able to use my original epan instance, which was created as a global variable in the init function at the beginning of my program. At the same time, if I do not free local_epan in the local function, or free it via g_free(local_epan); instead of epan_free(local_epan);, it works with no issues... Same here, I do not really understand why. One thing that pops up for me is that perhaps, somehow, epan_new(NULL, &g_funcs); creates every new session with no provider and counts every new session as the same as the previous one, with the same no provider in the arguments, e.g. NULL, but it is just guessing...