On Tue, May 28, 2002 at 06:28:52PM +0200, sergio morant wrote:
> I have already made a module quite similar to protocol_hierarchy_stats
> that gets some statistics after a capture has been done and it prints
> all the information in a file besides the "protocol hierarchy stats" that
> presents all the information in a GTK window.
> Now the module works quite well with ethereal but as long as I don't
> have need of the GTK I want to port it to TETHEREAL.
> I know that my problem is dealing with the structure of "capture_file"
> because when I try to make the loop (same as protocol hierarchy stats) :
> for (frame = cfile.plist; frame != NULL; frame = frame->next) {
> I get an empty pointer in cfile.plist besides the pointer first frame.
Ethereal reads a capture file in, and builds, in memory, a linked list
of data structures for all the frames in the capture file.
Tethereal, however, doesn't - it processes the packets as it reads them,
and doesn't store data structures for each frame.
If you want to have something in Tethereal that reads a capture file and
neither writes the raw packets to another capture file nor prints
information about each packet, but, instead, computes statistics and,
after the entire file has been read, prints the statistics, you'd modify
the "load_cap_file()" routine in Tethereal.
Currently, that routine checks whether "cf->save_file" is NULL; if not,
it opens an output capture file, loops through all packets in the input
capture file, and writes each packet from the input capture file to the
output capture file, otherwise it loops through all packets in the input
capture file and prints information about the packets.
You'd change it so that if "cf->save_file" is NULL, instead of just
doing

	args.cf = cf;
	args.pdh = NULL;
	success = wtap_loop(cf->wth, 0, wtap_dispatch_cb_print, (u_char *) &args,
	    &err);

to loop through all packets and print them, it'd check whether it was
supposed to compute statistics and, if so, it'd loop through all packets
and compute statistics.
To do that, you'd have a "callback" routine, similar to
"wtap_dispatch_cb_print()" - for example, it might be called
"wtap_dispatch_cb_compute_stats()" - which would have the same calling
sequence as "wtap_dispatch_cb_print()", and would make a call to
"wtap_loop()" to loop through all packets, calling that routine for each
packet.
At the end of the loop, if "wtap_loop" returns a non-zero value (meaning
"true", i.e. "no errors"), you would report the statistics.
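
The streaming approach described in the reply above, as an added example that is not part of the original message or of Ethereal's source: a per-packet callback updates counters and the totals are reported only when the loop returns non-zero. `sample_loop()`, `pkt_handler`, `struct stats_args` and `compute_stats()` are hypothetical stand-ins (the real wiretap callback and `wtap_loop()` signatures differ), and the three frames are constructed sample data.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins for the wiretap callback type and the "args" struct. */
typedef void (*pkt_handler)(unsigned char *user, size_t caplen, const unsigned char *buf);
struct stats_args { unsigned long frames, bytes, ipv4, arp, other, runt; };

/* Constructed sample "capture": IPv4 frame, ARP frame, truncated frame. */
static const unsigned char f_ip[]  = {0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00, 0x45,0};
static const unsigned char f_arp[] = {0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x06, 0,1};
static const unsigned char f_bad[] = {0,1,2,3,4,5, 6,7};
static const struct { const unsigned char *buf; size_t len; } sample[] =
    { { f_ip, sizeof f_ip }, { f_arp, sizeof f_arp }, { f_bad, sizeof f_bad } };

/* Models the calling shape of wtap_loop(): count 0 means "all packets",
 * one callback invocation per packet, non-zero return means no errors. */
static int sample_loop(int count, pkt_handler cb, unsigned char *user, int *err)
{
    size_t i, n = sizeof sample / sizeof sample[0];
    *err = 0;
    for (i = 0; i < n && (count == 0 || i < (size_t)count); i++)
        cb(user, sample[i].len, sample[i].buf);
    return 1;
}

/* Per-packet callback: updates counters only, stores nothing per frame. */
static void dispatch_cb_compute_stats(unsigned char *user, size_t caplen, const unsigned char *buf)
{
    struct stats_args *st = (struct stats_args *)user;
    st->frames++;
    st->bytes += caplen;
    if (caplen < 14) { st->runt++; return; }  /* too short for an Ethernet header */
    unsigned type = ((unsigned)buf[12] << 8) | buf[13];
    if (type == 0x0800) st->ipv4++;
    else if (type == 0x0806) st->arp++;
    else st->other++;
}

/* Runs the loop; the statistics are meaningful only if the result is non-zero. */
static int compute_stats(struct stats_args *st, int *err)
{
    struct stats_args zero = {0};
    *st = zero;
    return sample_loop(0, dispatch_cb_compute_stats, (unsigned char *)st, err);
}

int main(void)
{
    struct stats_args s; int err;
    if (compute_stats(&s, &err))  /* report only after a clean pass over the file */
        printf("frames=%lu bytes=%lu ipv4=%lu arp=%lu other=%lu short=%lu\n",
               s.frames, s.bytes, s.ipv4, s.arp, s.other, s.runt);
    return 0;
}
```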