On Thu, May 22, 2003 at 01:34:49PM -0400, Jason House wrote:
> If yes, then it's a matter of trying to make what already exists work
> in real time... something that I would love to see ;)

If you mean making taps work in real time, updating as a capture
progresses, then note that taps work by scanning through the packets and
processing them sequentially, so, to make taps work in real time, you'd
want to process packets as they arrive.

Then note that we already have a mechanism to do that - "Update list of
packets in real time" in a capture.

You might not want to require that the list of packets update as the
capture proceeds, although it's not as if you avoid the overhead of
dissecting packets while you're capturing - you need to do that to do a
tap regardless of whether you're updating the display or not; you only
avoid the overhead of updating the list of packets and the display, and
of computing the text for the new columns.

We could even avoid some of *that* overhead if we went with column-list
widgets that used callbacks to fetch the column text. That would need
to compute the text for the new columns for a given packet only if

	1) the display were scrolled and the row for that packet were
	   scrolled onto the display;

	2) you did a sort on the column (NOTE that this would make
	   sorting on the Info column, and possibly sorting on the
	   protocol column, *V*E*R*Y* slow in a large file!);

	3) we computed the widths of the columns based on the widest
	   column text, in which case we'd need to compute the text for
	   *every* column (note that Microsoft Network Monitor, which I
	   suspect computes column text only when a row is to be
	   displayed, has fixed-width columns and just puts in a "..."
	   if the full text doesn't fit - you have to resize the column
	   manually to see the rest of it - *and* doesn't support
	   sorting on columns).

Note, however, that if a tap happens to let you go to a particular frame
(as a tap version of "TCP Stream Analysis" would), you'd have to, at
minimum, force the display to update enough to display the relevant
packets.
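
The three cases in the message above, as an added illustration that is not part of the original message and not Ethereal code: a callback-driven column whose text is computed only on demand, with a counter showing how many computations a scroll, a sort and a widest-text column sizing each trigger. The names `info_text`, `cost_scroll`, `cost_sort` and `cost_autowidth`, the 10000-packet capture and the 40-row display are all constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NPACKETS 10000            /* constructed capture size */
#define VISIBLE  40               /* rows on screen (assumed) */
static unsigned long text_calls;  /* column-text computations so far */

/* Hypothetical fetch callback: a real analyzer would re-dissect here. */
static size_t info_text(int pkt, char *buf, size_t len) {
    text_calls++;
    return (size_t)snprintf(buf, len, "Seq=%d", pkt * 7919 % 65536);
}
/* Case 1: only rows scrolled onto the display need their text. */
unsigned long cost_scroll(int first) {
    char buf[64];
    text_calls = 0;
    for (int r = first; r < first + VISIBLE && r < NPACKETS; r++)
        info_text(r, buf, sizeof buf);
    return text_calls;
}
/* Case 2: sorting on the column; every comparison fetches two texts. */
static int cmp_info(const void *a, const void *b) {
    char ta[64], tb[64];
    info_text(*(const int *)a, ta, sizeof ta);
    info_text(*(const int *)b, tb, sizeof tb);
    return strcmp(ta, tb);
}
unsigned long cost_sort(void) {
    static int order[NPACKETS];
    for (int i = 0; i < NPACKETS; i++) order[i] = i;
    text_calls = 0;
    qsort(order, NPACKETS, sizeof order[0], cmp_info);
    return text_calls;
}
/* Case 3: sizing a column to its widest text touches every packet. */
unsigned long cost_autowidth(size_t *widest) {
    char buf[64];
    text_calls = 0; *widest = 0;
    for (int i = 0; i < NPACKETS; i++) {
        size_t w = info_text(i, buf, sizeof buf);
        if (w > *widest) *widest = w;
    }
    return text_calls;
}

int main(void) {
    size_t w;
    unsigned long all = cost_autowidth(&w);
    printf("scroll=%lu sort=%lu autowidth=%lu widest=%zu\n",
           cost_scroll(500), cost_sort(), all, w);
}
```

Caching the text per row would cut the sort cost to one computation per packet, at the price of holding every row's text in memory, which is the overhead the callback design sets out to avoid.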