Ethereal-dev: Re: [Ethereal-dev] TCP Seq graph and users' guide.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Tue, 19 Nov 2002 22:34:56 +1100
----- Original Message -----
From: "Pavel Mores"
Sent: Tuesday, November 19, 2002 10:13 PM
Subject: Re: [Ethereal-dev] TCP Seq graph and users' guide.


> > The only problem with it is that it only works on top of Ethernet.
> > Porting it to grab data from a tap instead should fix that problem
> > though.
>
> The ethereal's inner workings turned out to be much too convoluted for
> me to digest.  When I started to write the graphing code, I thought
> there would be some API in the ethereal proper that would isolate me
> from the link layer.  I found none so I hacked my code to support
> ethernet and ppp (most common link-layers, in my view).  Porting it to
> other link-layers would be nice but it has to be done by someone else.


I was thinking more of the new tap system than porting it to other link
types.
Thus removing the current link layer support as well and just relying on tap.

It would be easy with the tap system to create a mechanism where a callback
inside the tcp-graph code would be called with the tcp-header structure as a
parameter.
It would also get pinfo as a parameter where it could extract the ip layer
addresses.
That callback could then keep track of every segment it was called with and
store it in a file or in a linked list or something.

The filtering to only get tcp packets matching a specific conversation would
be built in to the tap mechanism and automatic. The callback in tcp-graph
would only see those packets that matched that conversation by magic.


Would that help?
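
A minimal sketch of the tap-callback design proposed in the message above, added here as an illustration; it is not code from Ethereal or from either poster. All type and function names (`pkt_info`, `tcp_info`, `tap_listener`, `tap_tcp_packet`, `graph_packet`, `graph_demo`) are hypothetical stand-ins, not Ethereal's tap API, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for pinfo and the dissected TCP header. */
struct pkt_info { uint32_t src, dst; };
struct tcp_info { uint16_t sport, dport; uint32_t seq, len; };
struct conv { uint32_t a_addr, b_addr; uint16_t a_port, b_port; };
/* Graph-side state: one list node per segment the tap delivers. */
struct segment { uint32_t seq, len; int from_a; struct segment *next; };
struct graph { struct segment *head, *tail; size_t count; };
typedef int (*tap_cb)(void *state, const struct pkt_info *pi,
                      const struct tcp_info *th, int from_a);
struct tap_listener { struct conv filter; tap_cb cb; void *state; };

/* 1 = A->B, 0 = B->A, -1 = packet belongs to another conversation. */
static int conv_dir(const struct conv *c, const struct pkt_info *pi,
                    const struct tcp_info *th) {
    if (pi->src == c->a_addr && pi->dst == c->b_addr &&
        th->sport == c->a_port && th->dport == c->b_port) return 1;
    if (pi->src == c->b_addr && pi->dst == c->a_addr &&
        th->sport == c->b_port && th->dport == c->a_port) return 0;
    return -1;
}
/* Called by the TCP dissector for every segment, whatever the link layer. */
int tap_tcp_packet(struct tap_listener *l, const struct pkt_info *pi,
                   const struct tcp_info *th) {
    int dir = conv_dir(&l->filter, pi, th);
    return dir < 0 ? 0 : l->cb(l->state, pi, th, dir);
}
/* Graph callback: record the segment; IP addresses stay available via pi. */
int graph_packet(void *state, const struct pkt_info *pi,
                 const struct tcp_info *th, int from_a) {
    struct graph *g = state;
    struct segment *s = malloc(sizeof *s);
    if (!s) return 0;
    s->seq = th->seq; s->len = th->len; s->from_a = from_a; s->next = NULL;
    if (g->tail) g->tail->next = s; else g->head = s;
    g->tail = s; g->count++;
    return 1;
}
/* Constructed sample: 10.0.0.1:1025 <-> 10.0.0.2:80 plus one stray packet. */
size_t graph_demo(struct graph *g) {
    struct tap_listener l = { { 0x0a000001, 0x0a000002, 1025, 80 }, graph_packet, g };
    struct pkt_info pi[] = { {0x0a000001, 0x0a000002}, {0x0a000002, 0x0a000001},
                             {0x0a000003, 0x0a000002}, {0x0a000001, 0x0a000002} };
    struct tcp_info th[] = { {1025, 80, 1000, 100}, {80, 1025, 5000, 0},
                             {1025, 80, 7, 7}, {1025, 80, 1100, 50} };
    for (int i = 0; i < 4; i++) tap_tcp_packet(&l, &pi[i], &th[i]);
    return g->count;
}
```

The graph code never touches a link-layer header: the dispatcher applies the conversation filter, so the callback stores only the three matching segments and the stray packet from 10.0.0.3 is dropped before it is called.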