Hi list
Guy wrote:
> It'd also be nice to be able to run taps from menu items; a
> re-dissection pass would be made through all the packets when
> the menu item is selected, with the tap listener being called.
Do you mean that the tap should react to actually selecting the menu
item, or just when a tap listener has been started from the menu?
It would be easy to get it to rescan and immediately update the
rpc_stat by just adding a call to rescan the packet list in
gtk/rpc_stat.c in the function
gtk_rpcstat_init() after the if(register_tap_listener... block.
I did not do this myself since I usually want to get multiple rpcstat
instances opened and every time I rescan an "average" capture file
it takes 20-30 seconds+ for me to rescan it.
I will not object if someone implements the change to rescan the packet list
immediately.
> In addition, it'd be nice to have a tap that requires *no* dissector
> changes, and that just gets handed a protocol tree - or that registers a
> set of fields and gets handed some data structure with the values of
> those fields, if present.
What dissector tree?
Do you mean the epan_dissect_t *edt variable? If you want to, it is easy
for me to produce a patch that adds *edt as one of the variables
passed to the _packet() callback. I did not know that that variable was
useful.
Do you want me to provide such a patch?
No dissector changes, or no specific protocol? Why not just tap from
"frame"?
> The combination of the two of those might allow the TCP stream analysis to
> be implemented as a tap, for example (and, as a side
> effect, no longer have to do its own link-layer, IP, and TCP parsing, so
> that it can work atop *any* link-layer protocol).
It would also mean that lots of code could be removed from the
tcp dissector and be moved into the stream-analysis code.
> On top of that, it'd be nice to have taps as another type of plugin,
> in addition to the dissector plugins we have now.
If we start getting lots of taps I can do this change.
I would like to see FrameSizeHistograms that can be created on "frame" with
a user specified filter, so "ip.addr==a.b.c.d" would provide fsh data for
packets matching the filter.
I would also like to see something like "Matrix" where all
ethernet/ip/ipx/rpc/udp/tcp/... connections can be graphically viewed.
For those not familiar with it:
Imagine all IP conversations being tracked, then all hosts for all
conversations are placed at equidistant positions around a circle.
Then a line is drawn between every pair of hosts which have traffic passed
between them and the intensity/width of the line represents the amount of
traffic.
best regards
ronnie sahlberg
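
The "Matrix" view described in the message above, as an added example that is not part of the original post or of Ethereal's code: it sums bytes per host pair, places the hosts at equidistant points on a circle, and scales each line's width by traffic. The packet tuples, function names and the `max_width` parameter are assumptions made for this sketch.

```python
import math
from collections import defaultdict

# Constructed sample: (source, destination, frame length in bytes).
PACKETS = [
    ("10.0.0.1", "10.0.0.2", 1500),
    ("10.0.0.2", "10.0.0.1", 60),
    ("10.0.0.1", "10.0.0.3", 400),
    ("10.0.0.3", "10.0.0.4", 90),
    ("10.0.0.4", "10.0.0.3", 90),
]

def conversations(packets):
    """Sum bytes per unordered host pair, so A->B and B->A share one line."""
    totals = defaultdict(int)
    for src, dst, length in packets:
        if src != dst:
            totals[tuple(sorted((src, dst)))] += length
    return dict(totals)

def circle_layout(hosts, radius=1.0):
    """Place hosts at equidistant angles around a circle centred on the origin."""
    ordered = sorted(hosts)
    step = 2 * math.pi / len(ordered)
    return {h: (radius * math.cos(i * step), radius * math.sin(i * step))
            for i, h in enumerate(ordered)}

def matrix(packets, max_width=8.0):
    """Return host positions and one line per talking pair, width scaled by bytes."""
    totals = conversations(packets)
    hosts = {h for pair in totals for h in pair}
    pos = circle_layout(hosts) if hosts else {}
    peak = max(totals.values(), default=0)
    lines = [
        {"a": a, "b": b, "bytes": n, "from": pos[a], "to": pos[b],
         "width": max(1.0, max_width * n / peak)}  # busiest pair gets max_width
        for (a, b), n in sorted(totals.items())
    ]
    return pos, lines

if __name__ == "__main__":
    positions, lines = matrix(PACKETS)
    for line in lines:
        print(f'{line["a"]} <-> {line["b"]}: '
              f'{line["bytes"]} bytes, width {line["width"]:.1f}')
```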