Wireshark-dev: Re: [Wireshark-dev] Tap Implementation

From: Shawn Mayer <mayer_sr@xxxxxxxx>
Date: Wed, 07 Apr 2010 09:51:12 -0400
Thanks for the clarification. I'm looking to export/display the username, IP and message data, so maybe it would be easier to tap the main aim file rather than specifically the messaging, assuming the info that messaging dissects is accessible from the main file? Would the data I want already be in pinfo? Then I could probably keep the tap at the messaging level. Thanks for the help again, trying to get my head around how all of this goes together.

Shawn

On 4/7/2010 2:05 AM, Jaap Keuter wrote:
Hi,

Whatever you choose depends on what you want to do with the tapped information,
so that is totally up to you.

The syntax is correct. pinfo is a pointer to the packet info struct, containing
all kinds of meta data on the frame. That's something (almost) every tap
listener wants to have, so is included 'for your convenience'.

Indeed that last data pointer is used to pass a struct of tap info to your listener.

Thanks,
Jaap

Shawn Mayer wrote:
Hello everyone,
I'm currently working on implementing a tap interface for the
aim_messaging dissector and have some questions. Do you think I'd be
better off tapping the main aim protocol? Right now I have it tapping
packets to the queue twice, at the end of dissect_aim_msg_outgoing and
dissect_aim_msg_incoming, in packet-aim_messaging.c. Is this the right
way to go about this? Is "tap_queue_packet(aim_messaging_tap, pinfo,
NULL);" the correct syntax? What is contained in pinfo? Should I make a
struct of the data I want sent to the tap and replace the NULL with
that? I've been following the README.tapping file and the tap-rcpstat.c
and am mildly confused. Thanks for all your assistance.

Shawn
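
The pattern discussed in this thread, as an added example that is not part of the original messages and is not Wireshark code: a dissector fills a struct and hands it to the tap as the last argument, while frame metadata reaches the listener through pinfo. Everything prefixed `mock_` is a stand-in for the Wireshark API, `aim_msg_tap_info_t` is a hypothetical struct, and the sample frame is constructed. The queue keeps only the pointer and the listener runs after dissection, so the struct must outlive the dissector function.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for Wireshark types; the real packet_info has many more fields. */
typedef struct { unsigned frame_num; const char *src_ip; } mock_packet_info;
/* Hypothetical tap record: the protocol fields the dissector extracted. */
typedef struct { char screenname[32]; char message[128]; } aim_msg_tap_info_t;
typedef struct { unsigned frames; char last_line[224]; } listener_state;

/* The queue stores pointers only; it copies nothing. */
static struct { mock_packet_info *pinfo; const void *data; } queue[8];
static int queued;

static void mock_tap_queue_packet(mock_packet_info *pinfo, const void *data)
{
    if (queued < 8) { queue[queued].pinfo = pinfo; queue[queued].data = data; queued++; }
}

/* Listener: frame metadata arrives via pinfo, protocol fields via data. */
static int aim_listener(void *state, mock_packet_info *pinfo, const void *data)
{
    listener_state *st = state;
    const aim_msg_tap_info_t *info = data;
    st->frames++;
    snprintf(st->last_line, sizeof st->last_line, "#%u %s %s: %s",
             pinfo->frame_num, pinfo->src_ip, info->screenname, info->message);
    return 1;
}

/* Called once the frame is fully dissected; drains the queue. */
static void mock_tap_dispatch(listener_state *st)
{
    for (int i = 0; i < queued; i++) aim_listener(st, queue[i].pinfo, queue[i].data);
    queued = 0;
}

/* Dissector side: the record is static, so it is still valid at dispatch. */
static void mock_dissect_aim_msg(mock_packet_info *pinfo, const char *name, const char *msg)
{
    static aim_msg_tap_info_t info; /* a stack variable would dangle here */
    snprintf(info.screenname, sizeof info.screenname, "%s", name);
    snprintf(info.message, sizeof info.message, "%s", msg);
    mock_tap_queue_packet(pinfo, &info);
}

/* Constructed sample frame; returns the line the listener built. */
const char *run_example(void)
{
    static mock_packet_info pinfo = { 1, "192.0.2.10" };
    static listener_state st;
    mock_dissect_aim_msg(&pinfo, "alice", "hello");
    mock_tap_dispatch(&st);
    return st.last_line;
}
int main(void) { puts(run_example()); return 0; }
```

A single static record holds one message at a time; a frame carrying several messages would need one record per queued entry.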
