Re: Tap Implementation

[Jaap Keuter <jaap.keuter () xs4all nl>]

Hi,

Whatever you choose depends on what you want to do with the tapped information, 
so that is totally up to you.

The syntax is correct. pinfo is a pointer to the packet info struct, containing 
all kinds of meta data on the frame. That's something (almost) every tap 
listener wants to have, so is included 'for your convenience'.

Indeed that last data pointer is used to pass a struct of tap info to your listener.

Thanks,
Jaap

Shawn Mayer wrote:
> Hello everyone,
> I'm currently working on implementing a tap interface for the 
> aim_messaging dissector and have some questions. Do you think I'd be 
> better off tapping the main aim protocol? Right now I have it tapping 
> packets to the queue twice, at the end of dissect_aim_msg_outgoing and 
> dissect_aim_msg_incoming, in packet-aim_messaging.c. Is this the right 
> way to go about this? Is "tap_queue_packet(aim_messaging_tap, pinfo, 
> NULL);" the correct syntax? What is contained in pinfo? Should I make a 
> struct of the data I want sent to the tap and replace the NULL with 
> that? I've been following the README.tapping file and the tap-rcpstat.c 
> and am mildly confused. Thanks for all your assistance.
>
> Shawn

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe