forked from osmocom/wireshark
README.tapping: Some minor updates
parent
62a747bae3
commit
4901eefaa5
|
@ -1,7 +1,7 @@
|
|||
The TAP system in Wireshark is a powerful and flexible mechanism to get event
|
||||
driven notification on packets matching certain protocols and/or filters.
|
||||
In order to use the tapping system, very little knowledge of Wireshark
|
||||
internals are required.
|
||||
internals is required.
|
||||
|
||||
As examples on how to use the tap system see the implementation of
|
||||
tap-rpcprogs.c (tshark version)
|
||||
|
@ -30,7 +30,7 @@ If not, then you have to add a tap but don't worry, this is extremely easy to
|
|||
do and is done in four easy steps;
|
||||
(see packet-rpc.c and search for tap for an example)
|
||||
|
||||
1, We need tap.h so just add '#include "tap.h"' (preceded by packet.h) to
|
||||
1, We need tap.h so just add '#include <epan/tap.h>' (preceded by packet.h) to
|
||||
the includes.
|
||||
|
||||
2, We need a tap handler so just add 'static int <protocol>_tap = -1;'
|
||||
|
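Review bot: In step 1, the parenthetical "(preceded by packet.h)" still names that header without its directory, while the tap include on the same line is now written as <epan/tap.h>. A reader copying both ends up with mixed include styles. Consider spelling it as '#include <epan/packet.h>' so both includes use the same path form.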
@ -43,7 +43,7 @@ have returned, just add 'tap_queue_packet(<protocol>_tap, pinfo, <pointer>);'
|
|||
|
||||
<pointer> is used if the tap has any special additional data to provide to the
|
||||
tap listeners. What this points to is dependent on the protocol that is tapped,
|
||||
or if there are no useful extra data to provide just specify NULL. For
|
||||
or if there is no useful extra data to provide, just specify NULL. For
|
||||
packet-rpc.c what we specify there is the persistent structure 'rpc_call' which
|
||||
contains lots of useful information from the rpc layer that a listener might
|
||||
need.
|
||||
|
@ -84,7 +84,7 @@ pointer to distinguish between different instances of a tap.
|
|||
Just make sure that it is unique by letting it be the pointer to a struct
|
||||
holding all state variables. If you want to allow multiple concurrent
|
||||
instances, just put ALL state variables inside a struct allocated by
|
||||
g_malloc() and use that pointer.
|
||||
g_new() and use that pointer.
|
||||
(tap-rpcstat.c use this technique to allow multiple simultaneous instances)
|
||||
|
||||
*fstring
|
||||
|
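Review bot: The replacement line "g_new() and use that pointer." names an allocator that, like g_malloc(), returns uninitialized memory, while the paragraph tells the reader to put ALL state variables in that struct. Recommend g_new0() here, or add a sentence saying the struct must be fully initialized before it is used, so a listener does not start from indeterminate counters or pointers. Since g_new takes a type and a count rather than a byte size, showing the call shape, for example 'g_new0(<state struct>, 1)', would also help. While this paragraph is open, "tap-rpcstat.c use this technique" on the following line should read "uses".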
@ -123,6 +123,11 @@ is a set of flags for the tap listener. The flags that can be set are:
|
|||
set if your tap listener "packet" routine requires the column
|
||||
strings to be constructed.
|
||||
|
||||
TL_REQUIRES_ERROR_PACKET
|
||||
|
||||
set if your tap listener should be updated even when pinfo->flags.in_error_pkt is set
|
||||
e.g. if it is inside an ICMP unreachable packet
|
||||
|
||||
If no flags are needed, use TL_REQUIRES_NOTHING.
|
||||
|
||||
void (*reset)(void *tapdata)
|
||||
|
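Review bot: In the new TL_REQUIRES_ERROR_PACKET entry, "e.g. if it is inside an ICMP unreachable packet" has no clear antecedent for "it" (the listener, the packet, or the tapped protocol data). Suggest wording such as "e.g. when the tapped data is carried inside an ICMP unreachable packet". The first description line is also much longer than the neighbouring lines and should be wrapped to match. It would be worth stating explicitly that without this flag such packets are not passed to the listener, which "even when" only implies.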
@ -133,7 +138,7 @@ in the *tapdata instance.
|
|||
|
||||
tap_packet_status (*packet)(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const void *data)
|
||||
This callback is used whenever a new packet has arrived at the tap and that
|
||||
it has passed the filter (if there were a filter).
|
||||
it has passed the filter (if there was a filter).
|
||||
The *data structure type is specific to each tap.
|
||||
This function returns a tap_packet_status enum and it should return
|
||||
TAP_PACKET_REDRAW, if the data in the packet caused state to be updated
|
||||
|
|