Wireshark · Ethereal-dev: Re: [Ethereal-dev] is cfile.plist at all filled in in tethereal?

[Joerg Mayer <jmayer@xxxxxxxxx>]

On Tue, Aug 27, 2002 at 01:00:13PM -0700, Guy Harris wrote:
> It might be interesting to see if the protocol statistics could be
> computed without building a protocol tree (as all it cares about is
> protocols, not all protocol tree items).  If that were done, the
> statistics could be computed when reading in the file in Ethereal, and
> displaying them wouldn't require another pass through the file.  (They'd
> be recomputed when filtering the display, as the statistics apply to the
> displayed packets.)

Just an idea that I've been toying with for some time: Ideally the
statistics should be generated for every protocol, not just a few ones
and they should be one pass so that tethereal can use them too.
In order to reduce the effort involved, this should either be done
automatically, i.e. without changeing existing dissectors or in a
manner that allows the necessary changes to the dissectors to be
done via a script.
This is what I've come up with:
each protocol dissector does a call similar to this one:

col_set_str(pinfo->cinfo, COL_PROTOCOL, "TCP");

So either we could do it inside col_set_str whenever COL_PROTOCOL
is given as an argument or add a call like add_stats("TCP") directly
after the call to col_set_str. add_stats searches a hash with the
key "TCP" and adds the data for this packet. A more advanved version
could also remember the previous value (in this case this might be
"IP") and associate a backward link with the IP entry. I haven't
really given any detail thoughts to the handling of multiple low-
level protocols for a higher level protocol (eth, tr -> IP) but
that is the general idea 

If that idea looks interesting: take it, improve it and just bring
it to life (or code in this case).

 Ciao
       Jörg

--
Joerg Mayer                                          <jmayer@xxxxxxxxx>
I found out that "pro" means "instead of" (as in proconsul). Now I know
what proactive means.