Manualshelf

User guide

ManualsBrandsWireshark Manualsaudio & home theatre- 0.99.7
121122123124125126127128129130
9.5. How to tap protocols
Adding a Tap interface to a protocol allows it to do some useful things. In particular you can pro-
duce protocol statistics from the tap interface.
A tap is basically a way of allowing other items to see whats happening as a protocol is dissected. A
tap is registered with the main program, and then called on each dissection. Some arbritary protocol
specific data is provided with the routine that can be used.
To create a tap, you first need to register a tap. A tap is registered with an integer handle, and re-
gistered with the routine register_tap. This takes a string name with which to find it again.
Example 9.20. Initialising a tap
#include <epan/tap.h>
static int foo_tap = -1;
struct FooTap {
gint packet_type;
gint priorty;
...
};
...
foo_tap = register_tap("foo");
Whilst you can program a tap without protocol specific data, it is generally not very useful. There-
fore it's a good idea to declare a structure that can be passed through the tap. This needs to be a stat-
ic structure as it will be used after the dissection routine has returned. Its generally best to pick out
some generic parts of the protocol you are dissecting into the tap data. A packet type, a priority, a
status code maybe. The structure really needs to be included in a header file so that it can be in-
cluded by other components that want to listen in to the tap.
Once you have these defined, it's simply a case of populating the protocol specific structure and then
calling tap_queue_packet probably as the last part of the dissector.
Example 9.21. Calling a protocol tap
static struct FooTap pinfo;
pinfo.packet_type = tvb_get_guint8(tvb, 0);
pinfo.priority = tvb_get_ntohs(tvb, 8);
...
tap_queue_packet(foo_tap, pinfo, &pinfo);
This now enables those interested parties to listen in on the details of this protocol conversation.
Packet dissection
115