Hi,
I'm currently working on extending Wireshark to create some statistics
related to IGMP.
This includes but is not limited to:
- IGMP Version (1/2/3)
- IGMPv1
  # of queries
  # of joins
- IGMPv2
  # of queries
  # of joins
  # of leaves
- IGMPv3
  # queries
  # of group records/packet
  # of record types (by type, e.g. 10 IS_INCL, 20 CHANGE_TO_INCL)
In addition I also want to include statistics related to groups. E.g.
# IS_INCL, # IS_EXCL per group
Example:
  239.1.2.3 (total): 34
    IS_INCL 15
    IS_EXCL 15
    CHANGE_TO_INCL 2
    CHANGE_TO_EXCL 2
In order to do so I decided to use the stats_tree and to write a plugin
(with a tap in the IGMP dissector). Unfortunately passing the correct
information from the tap to the plugin is not that easy. From what I
understand I have two possibilities:
a) create an additional data structure in the
   IGMP dissector and fill the data structure
   during dissection, passing it via the tap
   to the stats_tree plugin for IGMP
   - for IGMPv1/IGMPv2 this might be the way to
     go but with IGMPv3 and the dissection of an
     (more or less) arbitrary number of group
     records this might add a significant overhead
     to the dissector
b) pass the whole IGMP packet (raw data) from the
   dissector to the tap/plugin
   - less overhead for the IGMPv3 dissector but more
     work in the tap plugin because parts of the dissector
     need to be reimplemented (mainly copied from
     packet-igmp.c)
My problem with b) is, how can I pass the whole packet via the tap to my
plugin? Do I have to make a copy from the tvb buffer or is there a way
to pass a pointer to the buffer via the tap to the plugin?
Regards
Nic
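
Added example (not part of the original message and not taken from packet-igmp.c): standalone C that walks the raw bytes of an IGMPv3 membership report, as option b) would require, and tallies record types per group with a bounds check on every record. The names igmp3_tally, igmp3_stats and sample_report are hypothetical, the field layout follows RFC 3376, and no Wireshark tap or stats_tree API is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_GROUPS 16   /* assumption: small fixed table for the example */
#define NUM_TYPES  7    /* RFC 3376 record types 1..6; slot 0 = unknown */
struct igmp3_stats {    /* hypothetical per-group tally of record types */
    unsigned n_groups;
    struct { uint32_t group; unsigned counts[NUM_TYPES]; } g[MAX_GROUPS];
};

/* Constructed sample: IGMPv3 report (type 0x22), checksum zeroed, two records
 * for 239.1.2.3: MODE_IS_INCLUDE with one source, then CHANGE_TO_EXCLUDE. */
static const uint8_t sample_report[] = {
    0x22, 0, 0, 0, 0, 0, 0, 2,
    1, 0, 0, 1, 239, 1, 2, 3, 10, 0, 0, 1,
    4, 0, 0, 0, 239, 1, 2, 3,
};
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Tally one report into st. Returns the record count, or -1 when the buffer is
 * truncated or malformed (records counted before the error stay in st). */
int igmp3_tally(const uint8_t *buf, size_t len, struct igmp3_stats *st)
{
    if (len < 8 || buf[0] != 0x22) return -1;
    unsigned nrec = rd16(buf + 6);
    size_t off = 8;
    for (unsigned i = 0; i < nrec; i++) {
        if (len - off < 8) return -1;               /* fixed record header */
        /* header + sources (4 bytes each) + aux data (32-bit words) */
        size_t rec_len = 8 + 4u * rd16(buf + off + 2) + 4u * buf[off + 1];
        if (rec_len > len - off) return -1;         /* record overruns packet */
        uint32_t grp = (uint32_t)rd16(buf + off + 4) << 16 | rd16(buf + off + 6);
        unsigned k = 0;
        while (k < st->n_groups && st->g[k].group != grp) k++;
        if (k == st->n_groups) {                    /* first record for grp */
            if (k == MAX_GROUPS) return -1;
            memset(&st->g[k], 0, sizeof st->g[k]);
            st->g[k].group = grp;
            st->n_groups++;
        }
        st->g[k].counts[buf[off] < NUM_TYPES ? buf[off] : 0]++;
        off += rec_len;
    }
    return (int)nrec;
}
```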