----- Original Message -----
From: "Miha Jemec"
Sent: Friday, February 07, 2003 8:06 PM
Subject: Re: [Ethereal-dev] tap
> 1. Is it allowable ("smart" would be better) to change the packet-rtp.c in
a way, that when calling tap_queue_packet(rtp_tap, pinfo, *pri) the pri is a
structure with information I need (seq.nr, timestemp, ssrc, data,...). That
seems to me much faster than doing all the
"...g_node_first_child(edt->tree), "g_node_next_sibling(),... " stuff.
I think that pri should be a structure holding the RTP header fields and
possibly also other fields
that might be useful for generic users of an RTP tap.
I do not think very specific non generic fields that are neither part of the
protocol header or useful in
a generic way for analyzing that protocol should go there.
Make sure that the pri variable is declared static, since the pointer to it
do not get passed to the rtp_packet()
callback until after all dissectors have returned.
In the code below, two observations since two parameters to
register_tap_listeners() are NULL
Why do you not use a filter?
Should you not use a filter like :
"ip.src_addr==1.2.3.4 && ip.dst_addr==4.3.2.1 && udp.srcport==44 &&
udp.dstport==33"
or something similar?
Also, you should create a instance structure allocated by g_malloc() that
holds all instance variables
used by the tap listener. This variuable is passed to the callbacks.
Putting ALL variables in your tap listener inside such g_malloc()ed instance
structures allows your
feature to automatically run multiple parrallell instances of it.
To force a redissection of the packets, i usually do a
redissect_packets(&cfile);
Is is possible for your extension to do all processing in one single pass
over the packet list or do
you need to do multiple runs over the packets?
>
>
> 2.my code looks something like:
>
> ...
> rtp_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt _U_, void
*pri)
> {
> printf("in rtp packet\n");
> }
>
> void gtk_rtp_init(void)
> {
> if(register_tap_listener("rtp", NULL, NULL, rtp_reset, rtp_packet,
rtp_draw)){
> printf("ethereal: rtp_init() failed to attach to tap.\n");
> exit(1);
> }
> }
>
> void rtp_analyse_cb(GtkWidget *w _U_) {
> gtk_rtp_init();
> }
>
> void
> register_tap_listener_gtkrtp(void)
> {
> register_ethereal_tap("rtp", gtk_rtp_init, NULL, NULL);
> }
>
> If I first click on the button that calls rtp_analyse_cb() which
> registers the tap, and than do the capturing or opening a file it works
> OK (I get the printf statement in rtp_packet() ). But the problem for me
> is: what if I first do the capturing and would then like to do the
> analysis. How can I force the "rescaning" of the packets, so that I will
> get the trigger for the RTP packets? Should I call the
> file_reload_cmd_cb() which reloads the packets or is there another
> possibility with taps?
>
> Thanks for further help, Miha.
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev