The best answers are sometimes by example.
You have two approaches:
One way is you can do the approach of tap-iostat.c
The only trick there becomes adding what you want to the filter
string...
The other way involves populating the pri paramater from the protocol you
are trying to tap.
... having a structure that you define a field for what you want to
access, and then having
that field sent directly to your tap listener. The packet-rpc* should be
a good example of that.
Miha Jemec wrote:
> Hi!
>
> Using TAPs, I would like to get the some information (parameters) about
> the packet. So if my protocol_packet function looks like:
>
> rtp_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt _U_, void
> *pri)
>
> and the protocol is RTP how do I get for example the SSRC field value.
> I'm trying with edt->tree... but the compiler doesn't agree.
>
> Do I need to do the whole stuff like:
>
> proto_registrar_get_byname("rtp.ssrc");
> for (ptree_node = g_node_first_child(protocol_tree);
> ptree_node != NULL;
> ptree_node = g_node_next_sibling(ptree_node)) {
> ....
>
> or (as in README.tapping) "in order to use the tapping system, very
> little knowledge of ethereal internals is required"
>
> Thanks a lot for any help,
> Miha
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
