I like your method... very simple :)
I've implemented the method you outlined, but now realize that I can't
rely on the fields in pinfo since they could get modified after the call
to dissect_tcp... I'll make that fix in the relatively near future and
submit an updated patch...
Are there any other problems with tap-tcp_close while I'm at it?
What thoughts are there on the modifications to conversations?
Ronnie Sahlberg wrote:
> I think a much simpler solution, which is used to solve the same/similar
> problem elsewhere all over the place, would be to add to dissect_tcp(){
>
> static int cur_tcp_hdr_struct=0;
> static struct tcp_header tcph[4], *tcp;
>
> tcp=&tcph[cur_tcp_hdr_struct];
> cur_tcp_hdr_struct++;
> if(cur_tcp_hdr_struct>=4)
> cur_tcp_hdr_struct=0;
>
> and then from there on use tcp-> everywhere in dissect_tcp()
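
The rotating static buffer suggested in the quoted text, as an added example that is not part of the original thread or the project's code: it shows that a pointer handed out this way stays valid only until four further calls have been made. The struct layout and the names demo_tcp_hdr, next_hdr and demo_dissect are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdint.h>

#define RING 4 /* same depth as tcph[4] in the quoted snippet */

/* Simplified stand-in for the dissector's header struct (assumption). */
struct demo_tcp_hdr { uint16_t sport, dport; uint32_t seq; };

/* Hand out the next slot of a static ring. The returned pointer stays
 * valid until RING further calls have been made; then the slot is reused. */
static struct demo_tcp_hdr *next_hdr(void)
{
    static int cur = 0;
    static struct demo_tcp_hdr ring[RING];
    struct demo_tcp_hdr *h = &ring[cur];

    if (++cur >= RING)
        cur = 0;
    return h;
}

/* Stand-in for dissect_tcp(): fills one slot, then optionally recurses to
 * simulate further TCP headers being dissected before this call returns.
 * Returns the source port read back through the pointer afterwards, which
 * is what a listener holding that pointer would see. */
static uint16_t demo_dissect(uint16_t sport, int nested)
{
    struct demo_tcp_hdr *tcp = next_hdr();

    tcp->sport = sport;
    tcp->dport = 80;
    tcp->seq = 1000u + sport;

    if (nested > 0)
        demo_dissect((uint16_t)(sport + 1), nested - 1);

    return tcp->sport;
}

int main(void)
{
    /* Three later calls use the other three slots: outer header intact. */
    printf("3 later calls: sport=%u\n", (unsigned)demo_dissect(100, 3));
    /* A fourth later call wraps around and overwrites the outer slot. */
    printf("4 later calls: sport=%u\n", (unsigned)demo_dissect(200, 4));
    return 0;
}
```

A consumer that needs the header beyond that window has to copy the struct rather than keep the pointer.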