Guy Harris wrote:
> On Thu, Feb 06, 2003 at 09:55:52AM -0500, Jason House wrote:
> > The best answers are sometimes by example.
> > You have two approaches:
> > One way is you can do the approach of tap-iostat.c
Oops, I meant to say tap-protocolstat.c. sorry :(
> > The only trick there becomes adding what you want to the filter
> > string...
... causing edt->tree to cache the result for the particular field(s) of
interest... and then simply calling proto_get_finfo_ptr_array (see
protocolinfo_packet).
> No, he'd need more than that. He wants to extract a particular protocol
> field, so he'd actually have to use edt->tree.
>
> That's a bit of work. The closest thing to an example of that is the
> "proto_hier_stats.c" code; "process_tree()", and the routines it calls,
> give somewhat of an example of what would be done.
>
> If, for example, he wanted the SSRC field from RTP, he'd have to:
>
> 1) get the "header_field_info *" values for the "rtp.ssrc"
> field, and for the "rtp" protocol field, using
> "proto_registrar_get_byname()",
>
> 2) have his code loop through all the top-level protocol nodes
> in the "edt->tree" tree, starting with
> "g_node_first_child(edt->tree)" and iterating using
> "g_node_next_sibling()", getting the "field_info *" for the
> node with "PITEM_FINFO()" and looking for nodes where the
> "hfinfo" member of that node is equal to the pointer to the
> "header_field_info *" for "rtp";
>
> 3) when it finds one of those nodes, do a recursive walk of the
> subtree whose root node is that node, looking for nodes where
> the "hfinfo" member of that node is the "header_field_info *"
> value for "rtp.ssrc";
>
> 4) when that node is found, use "fvalue_get_integer()" to get
> the value of that node, passing it the "value" member of that
> node.
That's only necessary if Miha needs to preserve the structure of the tree or
not.
Maybe I misunderstood his request... I was under the impression that he
simply wanted to read a specific field of a packet.
