[ronnie sahlberg <ronniesahlberg@xxxxxxxxx>]

I think that it would be important/desireable to make the module less
intrusive, i.e. remove the need to patch any of the files such as
file.c  etc.

My understanding is that you really only need to pull certain fields
from the packets into "Thing"?

A better and much less intrusive way to do this is to use TAP to get the data.

I think using TAP  in a way similar to how proto,colinfo works would
be suitable.

See http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/tap-protocolinfo.c?rev=12335&view=auto
for how -z proto,colinfo,<field> is using tap.


It registers a TAP listener for the frame tap (all packets)   then on
the filter string it specifies
a filter that contains all the fields we want to look at,
the _packet() part of the listener then just pulls the values out from
the edt structure passed to tap.


The reason the fields must be part of the filter string is to
guarantee that the fields will not be pruned by ethereal and so that
they are guaranteed to still be in the pruned edt tree when the tap is
called.





On Wed, 17 Nov 2004 06:48:23 +0100, Martin Regner
<martin.regner@xxxxxxxxx> wrote:
> 
> Ronnie Sahlberg wrote:
> > MATE :  Meta Analysis and Tracing Engine
> >
> 
> PI: Packet Interceptor  (PDU Interceptor)
> 
> _______________________________________________
> 
> 
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>