Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

9.6. How to produce protocol stats

Given that you have a tap interface for the protocol, you can use this to produce some interesting statistics (well presumably interesting!) from protocol traces.

This can be done in a separate plugin, or in the same plugin that is doing the dissection. The latter scheme is better, as the tap and stats module typically rely on sharing protocol specific data, which might get out of step between two different plugins.

Here is a mechanism to produce statistics from the above TAP interface.

Example 9.21. Initialising a stats interface

/* register all http trees */
static void register_foo_stat_trees(void) {
	stats_tree_register("foo","foo","Foo/Packet Types",
		foo_stats_tree_packet, foo_stats_tree_init, NULL );
}
#ifndef ENABLE_STATIC
//G_MODULE_EXPORT const gchar version[] = "0.0";

G_MODULE_EXPORT void plugin_register_tap_listener(void)
{
	register_foo_stat_trees();
}

#endif
   

Working from the bottom up, first the plugin interface entry point is defined, plugin_register_tap_listener. This simply calls the initialisation function register_foo_stat_trees.

This in turn calls the stats_tree_register function, which takes three strings, and three functions.

  1. This is the tap name that is registered.

  2. An abbreviation of the stats name.

  3. The name of the stats module. A '/' character can be used to make sub menus.

  4. The function that will called to generate the stats.

  5. A function that can be called to initialise the stats data.

  6. A function that will be called to clean up the stats data.

In this case we only need the first two functions, as there is nothing specific to clean up.

Example 9.22. Initialising a stats session

static const guint8* st_str_packets = "Total Packets";
static const guint8* st_str_packet_types = "FOO Packet Types";
static int st_node_packets = -1;
static int st_node_packet_types = -1;

static void foo_stats_tree_init(stats_tree* st) {
	st_node_packets = stats_tree_create_node(st, st_str_packets, 0, TRUE);
	st_node_packet_types = stats_tree_create_pivot(st, st_str_packet_types, st_node_packets);
}
   

In this case we create a new tree node, to handle the total packets, and as a child of that we create a pivot table to handle the stats about different packet types.

Example 9.23. Generating the stats

static int foo_stats_tree_packet(stats_tree* st, packet_info* pinfo,
epan_dissect_t* edt, const void* p) {
	struct FooTap *pi = (struct FooTap *)p;
	tick_stat_node(st, st_str_packets, 0, FALSE);
	stats_tree_tick_pivot(st, st_node_packet_types,
			val_to_str(pi->packet_type, msgtypevalues, "Unknown packet type (%d)"));
	return 1;
}
   

In this case the processing of the stats is quite simple. First we call the tick_stat_node for the st_str_packets packet node, to count packets. Then a call to stats_tree_tick_pivot on the st_node_packet_types subtree allows us to record statistics by packet type.


 
 
  Published under the terms fo the GNU General Public License Design by Interspire