Ethereal-dev: Re: [Ethereal-dev] General plugins

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Pavel Mores <pvl@xxxxx>
Date: Mon, 16 Jul 2001 12:07:14 +0200
On Mon, Jul 16, 2001 at 05:33:26PM +1000, Ronnie Sahlberg wrote:

> Hi,
> A thought.
> Instead of reinventing the wheel for every type of packet: instead of
> dissecting the ip header again in
> a hypothetical plugin, couldnt the plugin instead just call the normal
> dissect routine and then access the various fields
> by searching for the appropriate hf_* fields for that packet instead?
> If so it would be possible for the plugin to automatically use any field in
> any packet type known to ethereal
> (at least the packets which has hf_* fields defined).

Yes, I would like to see this kind of API available. The rest is just a
matter of performace. I hear that full dissection can get quite
expensive. In my tcp graphing code, I just need to know IP addresses and
some fields from tcp header (ports, seq/ack numbers and flags). I'm not
interested in options and others. So if full dissection would cost
performance then I can just typecast the IP header pointer returned from
a plugin API call to struct iphdr and read the fields I need with no
additional overhead. If dissecting of an IP header and constructing its
internal representation that could be passed back to the plugin code can
be done in a few CPU cycles then there's no point in bothering to write
a "limited dissection" code for my plugin. Just a matter of performace.

	pvl