Hello everyone,
I'm currently working on implementing a tap interface for the
aim_messaging dissector and have some questions. Do you think I'd be
better off tapping the main aim protocol? Right now I have it tapping
packets to the queue twice, at the end of dissect_aim_msg_outgoing and
dissect_aim_msg_incoming, in packet-aim_messaging.c. Is this the right
way to go about this? Is "tap_queue_packet(aim_messaging_tap, pinfo,
NULL);" the correct syntax? What is contained in pinfo? Should I make a
struct of the data I want sent to the tap and replace the NULL with
that? I've been following the README.tapping file and the tap-rcpstat.c
and am mildly confused. Thanks for all your assistance.
Shawn
NTMail K12 - the Mail Server for Education
