Well, I finally did it. I made histograms work with packet input in
ethereal.
I make no guarantees that this is an "optimal" solution, but I've
done my best to keep it both efficient and flexible; hopefully it's "good",
but I request critical analysis (yeah, like I have to ask ;-) in hopes of
making it something Really Good.
I'm still cleaning it up / straightening it out. In particular, the
user interface needs a /lot/ of help (it's functional... that's it). I'm
busy the rest of the week, but I hope to have a patch available by the end
of this week. I was going to postpone mentioning it until I had something
to show, but with all this talk of fairly big changes to the structure of
ethereal, I figured it'd be a good idea if the people making the Big Changes
knew about this, just in case. ;-)
It works like this:
* There are program-wide lists of available summaries.
* Each dissector does its own summarization. At program startup,
each dissector registers what it's capable of summarizing (kinda like the
registration of field-types and filter-parsers now).
* Summaries are updated with every incoming packet.
* Graphs are separate, self-contained windows.
* Currently they are only drawn after a file is done loading, but I
intend to have them on a separate timer function to be updated
every-so-often (e.g., 5s) for use on active captures. This support will
probably be in the patch I submit.
* Graphs are automatically registered upon creation. The list of
graphs is used to update them.
* Graphs are automatically unregistered upon deletion.
* A graph is tied to exactly one summary item.
* Multiple graphs can be tied to the same summary item.
* The only type of graph currently in the code is a histogram.
Other types should be easy to add. In particular, a pie chart should be
able to use the exact same info as a histogram.
* The only type of data currently summarized is bivariate
"label/size" data (which is good for histograms and pie charts). It should
be easy to add other types, and I plan to add cross-data for the cross-graph
thingie Sniffer Pro does.
* The only data items currently summarized are TCP src/dest. I hope
you can see it'd be easy to add just about anything else to this mix.
That's it. The user interface is very separate from the summary.
Although the TCP dissection function maintains the summaries right now,
these updates can be made anywhere in the dissection process. It is, in
theory, possible to walk the proto_tree after it's been built for a packet
and summarize some bizzare conglomeration of things... probably /slow/, but
possible.
Well, I have now rambled on for a significant portion of time. I'm
quite tired right now, so chances are that everything I said above is
incoherent and basically gibberish. If this is the case, I apologize, and
hope you'll better understand when I send in diffs this weekend.
Also note: these changes have been made to a version of ethereal
that's a few weeks old (from cvs). I'm not sure how they'll apply with
these other changes, but the changes made to existing code amount to
something like 10 lines (the rest are all new files), so it'll probably
apply cleanly to just about any version.
- Bibek
PS: ahh... I love getting paid to GPL'd work. :-)
