Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Help with packet statistics

From: Aniruddha A <aniruddha.a@xxxxxxxxx>
Date: Thu, 11 Mar 2010 23:44:47 +0530
Hello,

I added a tap interface and statistics for my protocol, I see that the
main packet count is working fine
but when I try to fetch the sub-type statistics, somewhere the Total
is wrong, i.e, my output shows:

Total Packets             36
  Foo Packet Types    36
      Message Type-1  26
      Message Type-2    4
      Message Type-3    4
      Message Type-3    2

 Foo MessageType-1 52 <--- not sure how this summed up the main
counter and sub counter
     Sub-Type-1           22
     Sub-Type-2             2
     Sub-Type-3             2

Now, the sum of the Sub Types is correctly shown under main packet
types(26), and their split is
also correct (22,2,2). I am not sure if I am using the tick_stat_node
correctly, can anyone please clarify.
This is how my stats code looks now:

foo_stats_tree_init(stats_tree *st)
{
    st_node_packs = stats_tree_create_node(st, st_str_packs, 0, TRUE);
    st_node_pack_types = stats_tree_create_pivot(st, st_str_pack_types,
            st_node_packs);
    st_node_subtype_pack_types = stats_tree_create_pivot(st,
st_str_subtype_pack_types,
            st_node_packs);
}

foo_stats_tree_pack(stats_tree* st, pack_info* pinfo _U_,
                       epan_dissect_t* edt _U_ , const void* p)
{
    struct foo_tap_t *pi = (struct foo_tap_t *) p;

    tick_stat_node(st, st_str_packs, 0, FALSE);
    stats_tree_tick_pivot(st, st_node_pack_types,
            val_to_str(pi->foo_msg_type, msg_type_names,
                "Unknown pack type (%d)"));
    if (pi->foo_msg_type == MSG_SUBTYPE_1) {
        tick_stat_node(st, st_str_subtype_pack_types, 0, FALSE);
        stats_tree_tick_pivot(st, st_node_subtype_pack_types,
                val_to_str(pi->foo_subtypecode, subtype_code_names,
                    "Unknown subtype pack (%d)"));
    }
    return 1;
}

Also, in which cases are we supposed to return 0 from the above function?

Thanks.
--
Ani