Ethereal: Re: [Ethereal-dev] tap

Ethereal-dev: February 2003

Subject: Re: [Ethereal-dev] tap
From: Jason House <jhouse@xxxxxxxxx>
Date: Thu, 06 Feb 2003 14:45:20 -0500

Guy Harris wrote:

> On Thu, Feb 06, 2003 at 09:55:52AM -0500, Jason House wrote:
> > The best answers are sometimes by example.
> > You have two approaches:
> > One way is you can do the approach of tap-iostat.c

Oops, I meant to say tap-protocolstat.c.   sorry :(


> >    The only trick there becomes adding what you want to the filter
> > string...

... causing edt->tree to cache the result for the particular field(s) of
interest... and then simply calling proto_get_finfo_ptr_array (see
protocolinfo_packet).


> No, he'd need more than that.  He wants to extract a particular protocol
> field, so he'd actually have to use edt->tree.
>
> That's a bit of work.  The closest thing to an example of that is the
> "proto_hier_stats.c" code; "process_tree()", and the routines it calls,
> give somewhat of an example of what would be done.
>
> If, for example, he wanted the SSRC field from RTP, he'd have to:
>
>         1) get the "header_field_info *" values for the "rtp.ssrc"
>            field, and for the "rtp" protocol field, using
>            "proto_registrar_get_byname()",
>
>         2) have his code loop through all the top-level protocol nodes
>            in the "edt->tree" tree, starting with
>            "g_node_first_child(edt->tree)" and iterating using
>            "g_node_next_sibling()", getting the "field_info *" for the
>            node with "PITEM_FINFO()" and looking for nodes where the
>            "hfinfo" member of that node is equal to the pointer to the
>            "header_field_info *" for "rtp";
>
>         3) when it finds one of those nodes, do a recursive walk of the
>            subtree whose root node is that node, looking for nodes where
>            the "hfinfo" member of that node is the "header_field_info *"
>            value for "rtp.ssrc";
>
>         4) when that node is found, use "fvalue_get_integer()" to get
>            the value of that node, passing it the "value" member of that
>            node.

That's only necessary if Miha needs to preserve the structure of the tree or
not.
Maybe I misunderstood his request... I was under the impression that he
simply wanted to read a specific field of a packet.

Follow-Ups:
- Re: [Ethereal-dev] tap
  - From: Guy Harris

References:
- [Ethereal-dev] tap
  - From: Miha Jemec
- Re: [Ethereal-dev] tap
  - From: Jason House
- Re: [Ethereal-dev] tap
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] tap
Next by Date: Re: [Ethereal-dev] tap
Previous by thread: Re: [Ethereal-dev] tap
Next by thread: Re: [Ethereal-dev] tap
Index(es):
- Date
- Thread