Mikael Wikström wrote: > I'm trying to write a tap to calculate some statistics based on values > found in multiple frames in one or more packets. I want to be able to > access some values from the prism/radiotap, for example > radiotap.rate/prism.rate.data, and wlan.type_subtype from the wlan > frame. Writing a tap for the wlan protocol gives me a basic static > context with some useful generic wlan fields but how to I access the > other fields? > > 1. What is the best way of accessing a field from a frame that is not > in my static protocol dependent tap context?
I.e., how do you access the radiotap.rate/prism.rate.data and the wlan.type_subtype values for the current frame? The only way to do that is to use the epan_dissect_t pointer handed to the tap's packet routine; the "tree" field points to the protocol tree. You'd have to dig the values out of the protocol tree by hand. Another solution might be to have the radiotap and Prism dissectors supply to the 802.11 dissector, as private data, some of the radio information they see (along with a bitset indicating which of those values are present), and have the 802.11 dissector supply that to its taps (again, with the bitset, as there's no guarantee that any particular value is available). > 2. How do I access (1) of the previous frame in my tap? Wiretap does not itself provide anything to taps to let them get at any information about frames other than the frame currently being processed. Taps process frames sequentially, so you know that the frame you processed prior to the current frame is the previous frame; you could keep that value in the data structure pointed to by the "tapdata" argument. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
