Wireshark mailing list archives
tap for IGMPv3 statistics ...
From: wireshark () nleymann de
Date: Tue, 20 Jul 2010 19:20:40 +0200
Hi, I'm currently working on extending wireshark to create some statistics related to IGMP. This includes but is not limited to: - IGMP Version (1/2/3) - IGMPv1 # of queries # of joins - IGMPv2 # of queries # of joins # of leaves - IGMPv3 # queries # of group records/packet # of record types (by type, e.g. 10 IS_INCL, 20 CHANGE_TO_INCL) In addition I also want to include statistics related to groups. E.g. # IS_INCL, #IS_EXCL per group Example: 239.1.2.3 (total): 34 IS_INCL 15 IS_EXCL 15 CHANGE_TO_INCL 2 CHANGE_TO_EXCL 2 In order to do so I decided to use the stats_tree and to write a plugin (with a tap in the IGMP dissector). Unfortunately passing the correct information from the tap to the plugin is not that easy. From what I understand I have two possibilites: a) create an addtional data structure in the IGMP dissector and to fill the data structure during dissection, passing it via the tap to the stats_tree plugin for IGMP - for IGMPv1/IGMPv2 this might be the way to go but with IGMPv3 and the dissection of an (more or less) arbitrary number of group records this might add an significant overhead to the dissector b) pass the whole IGMP packet (raw data) from the dissector to the tap/plugin - less overhead for the IGMPv3 dissector but more work in the tap plugin because parts of the dissector need to be reimplemented (mainly copied from packet-igmp.c) My problem with b) is, how can I pass the whole packet via the tap to my plugin? Do I have to make a copy from the tvb buffer or is there a way to pass a pointer to the buffer via the tap to the plugin? Regards Nic ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- tap for IGMPv3 statistics ... wireshark (Jul 20)