Implementing Register
Network Monitor loads a capture from the capture file, and then starts calling the Register function for all the protocols that it can identify. Each parser DLL must implement a Register function for each protocol that the parser DLL supports.
Each implementation of the Register function must call the CreatePropertyDatabase and AddProperty functions to create and fill-in the property database for the protocol, and then the CreateHandoffTable to create the handoff table for the protocol — if needed.
Note
Protocol properties are defined for Network Monitor. Properties are not mapped to a location in a capture data until the AttachProperties export function is called.
The following procedure identifies the steps necessary to implement the Register function.
To implement Register for one protocol
- Define an array of PROPERTYINFO structures to describe each property that the protocol supports.
- Call CreatePropertyDatabase to provide a protocol handle, and the number of properties that the protocol supports.
- Call AddProperty in a loop to add each property defined in the PROPERTYINFO structure array.
- If the protocol uses a handoff table, call CreateHandoffTable— after all the properties of the protocol are added to the property database.
The following is a basic implementation of Register. Note that a property database is created for a protocol that supports only two properties. This code example is taken from the generic parser that Network Monitor provides.
#include <windows.h>
PROPERTYINFO MyProtocolPropertyTable[]
{
// Summary property (0)
{
0, // Handle to property.
0, // Reserved.
"Summary", // Property label.
"Summary of protocol packet", // Property comment.
PROP_TYPE_SUMMARY, // Data type of property.
PROP_QUAL_NONE, // Data type qualifier.
NULL, // Reserved.
80, //
FormatPropertyInstance //
}
// WORD property (1)
{
0, // Handle to property.
0, // Reserved.
"WORD property", // Property label.
"16-bit WORD property", // Property comment.
PROP_TYPE_WORD, // Data type of property.
PROP_QUAL_NONE, // Data type qualifier.
NULL, // Reserved.
80, //
FormatPropertyInstance //
}
}
void BHAPI MyProtocolRegister( HPPROTOCOL hProtocol)
{
// Create property database.
DWORD dwNumberOfProperties = 2;
CreatePropertyDatabase (hProtocol,
dwNumberOfProperties
);
// Add properties to database.
WORD i;
for( i=0; i< dwNumberOfProperties; i++)
{
AddProperty(hProtocol, &MyProtocolPropertyTable[i]);
}
// Create handoff table.
CreateHandoffTable("myProtocolHandoffTable",
"myProtocol.ini",
hTable,
MaxEntries,
10 // Handoff set values are base 10.
)
}