From: Jason House Subject: recursive taps
Date: Tue, 29 Oct 2002 16:54:44 -0500
One example of how to use this would be generation of the traffic
summary...
Say for instance the top level summary tap is called.
It looks at the first item in proto_tree and finds the entry who's filter
field/protocol is "frame"...
so it looks to see if it has a sub-tap for "frame" and creates it if it
doesn't already have one...
Then it calls that tap and passes in a pointer to the "frame" entry in
proto_tree.
The next tap looks for the next top level entry and finds "ip"
(optionally creates "ip" sub-tap)
then calls the "ip" tap with a pointer to the "ip" entry in proto_tree
This next tap sees "udp"
The next one sees "rtp"
...
This example does not need recursive taps. It is sufficient to just tap on
"frame" and build/maintain a linked tree in the tap extension.
To find out the relation of protocols, ie which protocols are carried
ontop of which other, just inspect the edt variable and update the state
variables to the tap extension accordingly.
There is no need to tap from anything else than "frame" for this type of
extension.
In fact, it would be dead simple to do an extension like this and I can
provide one in the next few days.
(in reply to other post)
Yes, multiple -z arguments are possible and have always been.
I use it daily and documented it in the manpages.
_________________________________________________________________
Broadband? Dial-up? Get reliable MSN Internet Access.
http://resourcecenter.msn.com/access/plans/default.asp
