On Tue, May 25, 2004 at 02:21:06PM +1000, Andrew Yager wrote:
> I'm part of a group of students at Macquarie University who are going
> to be writing an expert analysis framework for ethereal over the coming
> months. Basically, we want to provide additional functionality to
> ethereal allowing developers to easily write modules to obtain and
> display specific information about their network packet captures. At
> the moment, we see the main advantage of this over TAP is that
> developers will no longer need to write several thousand lines of code
> to display stuff on the screen.
>
> At the moment our plans for the module are:
>
> * provide a way to get information out of ethereal (probably in a
> similar fashion to TAP)
Or perhaps in the exact same fashion as the tap mechanism.
The tap mechanism provides some low-level mechanisms to get called with
information from a packet and to be called when information is to be
drawn. What you might want to provide, if the tap mechanism is adequate
for getting the information, is...
> * provide a way to display the information, initially in a tree
> structure, extending at a later stage to a table or ASCII
...a higher-level API to do the display; a higher-level expert would
register "reset" and "packet" handlers that are the same as tap
handlers, but would, instead of registering a low-level "draw" routine,
would specify at some higher level the way to present the data. Your
code would supply its own "draw" routine that would get the data
constructed by the "packet" handler (with a callback, or with the
higher-level registration routine specifying the source of the data in
some other fashion) and display it as appropriate.
If the current tap mechanism's "reset" and "packet" handlers (i.e., the
part of the API for supplying data) aren't sufficient, you might want to
extend them rather than having a separate mechanism (i.e., your extended
mechanism would *become* the tap mechanism).
At least when displaying as a table, this could also be useful for taps
that serve both as Tethereal and Ethereal taps with the *same* code -
the Tethereal version would "draw" the table by printing it to the
standard output.
I'd been thinking about this as a way of simplifying the construction of
statistics tables; the statistics-table tap would construct a data
structure consisting of
1) an array of column information, giving column names and data
formats (unsigned integer, floating-point, string, network
address, etc.)
and
2) an array of rows, each of which is an array of column values.
Lars Roland (as I remember; my apologies to Lars Ruoff if it was him)
has also been thinking about more general mechanisms of that sort.
> We were wondering if you guys could suggest some additional things you
> might like this to do.
Another interesting thing that could be done with a table would be to
display it as a graph - a table of:
A B C ...
1 1.5 3 ...
2 2.7 1.8 ...
...
could be drawn as a line or skyline or... graph with "A" on the X axis
and B and C and... on the Y axis. A table of
A B C ...
1.7 3.1 86.2 ...
could be displayed as a bar chart with the bars labeled "A", "B", "C",
..., or as a pie chart with the values as percentages; there are
probably other graph possibilities (e.g., the "traffic matrix", or
whatever they're called graphs, of the sort drawn by e.g. EtherApe:
http://etherape.sourceforge.net/
