Mikael Wikström wrote:
I'm trying to write a tap to calculate some statistics based on values
found in multiple frames in one or more packets. I want to be able to
access some values from the prism/radiotap, for example
radiotap.rate/prism.rate.data, and wlan.type_subtype from the wlan
frame. Writing a tap for the wlan protocol gives me a basic static
context with some useful generic wlan fields but how to I access the
other fields?
1. What is the best way of accessing a field from a frame that is not
in my static protocol dependent tap context?
I.e., how do you access the radiotap.rate/prism.rate.data and the
wlan.type_subtype values for the current frame?
The only way to do that is to use the epan_dissect_t pointer handed to
the tap's packet routine; the "tree" field points to the protocol tree.
You'd have to dig the values out of the protocol tree by hand.
Another solution might be to have the radiotap and Prism dissectors
supply to the 802.11 dissector, as private data, some of the radio
information they see (along with a bitset indicating which of those
values are present), and have the 802.11 dissector supply that to its
taps (again, with the bitset, as there's no guarantee that any
particular value is available).
2. How do I access (1) of the previous frame in my tap?
Wiretap does not itself provide anything to taps to let them get at any
information about frames other than the frame currently being processed.
Taps process frames sequentially, so you know that the frame you
processed prior to the current frame is the previous frame; you could
keep that value in the data structure pointed to by the "tapdata" argument.
