Dear (readers of the) list,
We're making some progress with our project (see: "Extract data from
Ethereal" posted on Oct. 19).
Exploring some ideas, we've realised writing an extension that taps
"Frames" (based on rtp_stream.c en rpc_stat.c), but it doesn't behave
exactly like we figured out:
When we start ethereal from xterm, we see that the tap gets registered
and when we load in an existing capture file. We get no output.
Reason:I've figured out that the flags.passed_dfilter are set after
our frame_packet is called).
Also when we set a display filter, click apply the previous list is
printed out instead of the restricted output (which we see in
packet_list). When we clear display filter, our filtered output is
printed to stdout (but packet_list shows the unfiltered data).
How can we synchronise our tap with packet_list? So that we can use
the tap system to send data to our server application?
The second problem we have is the following (and is also packet_list
related). When we use the capture capabilities of Ethereal ("Update
list of packets in real time), our function frame_packet isn't called
Although we think, that packets are being dissected the right way
(because when a packet added to the packet list, has the right
protocol and info set by the corresponding dissectors).
This has probably to do with the fact that Ethereal forks a child
process that does the capturing (and also the dissecting???).
So what we like to do is: every time a packet gets added to the list
of packets, our tap gets called and from that point we'll perform some
magic to send the data to our server.
Hopefully some can put us back on the right track!
With regards,
Koen Smets
PS: here's is our sample code (it doesn't do very much, but we're just
exploring tapping works and how to extract data), also we've left out,
init, draw and reset functions:
typedef struct _frame_tapinfo {
} frame_tapinfo_t;
int
frame_packet(frame_tapinfo_t *tapinfo _U_, packet_info *pinfo,
epan_dissect_t *edt _U_, char *data _U_)
{
if (pinfo->fd->flags.passed_dfilter){
printf("Frame number: %d\n",pinfo->fd->num);
}
return 0;
}P
void
register_tap_listener_frame(void)
{
printf("register_tap_listener_frame(void)\n");
GString *error_string;
register_ethereal_tap("frame", frame_init_tap);
error_string = register_tap_listener("frame", &the_tapinfo_struct,
NULL,
(void*)frame_reset, (void*)frame_packet,
(void*)frame_draw);
if (error_string != NULL) {
simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
error_string->str);
g_string_free(error_string, TRUE);
exit(1);
}
}
--
Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the Universe trying
to produce bigger and better idiots. So far, the Universe is winning.
--Rich Cook--
