CLASS SUMMARY
=============

The following table lists the main classes, and indicates their
inheritance (eg., KNDMonitor is a sub-class of KNDView). There are
a number of additional classes, mainly to extend the functionality
of the standard Qt widgets, and to provide dialogs.


KNDApp					- Top-level application object

KNDDisplay				- Display splitter
KNDButBar				- Main set/reset... button bar
KNDView					- Base class for sniffers
	KNDMonitor			- Local sniffer
	KNDRemote			- Remote sniffer
	KNDReplay			- Replay binary log

KNDPlugin				- Base class for config/display plugins
	KNDConf				- Main configuration class
		KNDConfMon		- Monitor configuration class
			KNFConfLoc	- Local monitor configuration class
			KNFConfRem	- Remote monitor configuration class
		KNDConfRep		- Replay configuration class
	KNDEvent			- Event command configuration
	KNDGraphic			- Graphic load display
	KNDPktPlugin			- Wrapper class for packet lists
		KNDPacket			- Packet details display
	KNDTrigger			- Filter/trigger configuration

KNDDetails				- Protocol display
KNDTCPData				- TCP/IP data stream display

KNDPCap					- Base class for packet capture
	KNDPCapMon			- Live packet capture
		KNDPCapLoc		- Local packet capture
		KNDPCapRem		- Remote packet capture
	KNDPCapRep			- Replay binary log

KNDMulti				- Parallel load displau
KNDSetup				- Global setup
KNDUser					- Privileged user setup

KNDLoadHist				- Network traffic histogram
KNDLoadBar				- Time-averaged traffic bar
KNDPktHist				- Packet count histogram
KNDPktBar				- Time-averaged packet count bar

Note that the following classes are used in the remote sniffer, hence
they do not contain any KDE/Qt classes (even though this means implementing
some stuff like lists).

CapBase					- Base capture object
	CapLocal			- Local packet capture
	CapRemote			- Remote packet capture

NetPCap					- Low-level interace to libpcap


STRUCTURAL OVERVIEW
===================

The top level KNDApp object creates a single instance of the KNDDisplay
class, and provides this with a single instance of the KNDButBar class
to handle the left-hand column of buttons; it also creates single
instances of the KNDMulti and KNDSetup classes. It then creates instances
of the KNDMonitor and KNDRemote classes; these are taken from the saved
configuration, with a single KNDMonitor being created if there is no
saved configuration. These are linked as below:

        KNDApp <--+--- KNDMulti
                  |
                  +--- KNDSetup
                  |
                  +--- KNDDisplay <---+--- KNDButBar
                                      |
                                      +--- KNDView::KNDMonitor
                                      |
                                      .
                                      .
                                      |
                                      +--- KNDView::KNDRemote

Hence, KNDApp is responsible for switching between the parallel display,
the global setup, and the sniffers as a group; while KNDDisplay is
responsible for switching bewteen individual sniffers.


The KNDView class, and its derived classes (KNDMonitor, KNDRemote and
KNDReplay) create a further set of objects appropriate to their
function. All three create KNDEvent, KNDGraphic, KNDPacket and KNDTrigger
pbjects; respectively they create either a KNDConfLoc, a KNDConfRem
or a KNDConfRep object to handle the appropriate configuration. KNDView
is derived from KTabCtl, and each object created appears as a tab.
This results in the links as below:

        KNDView <--+--- KNDConfLoc/KNDConfRem/KNDConfRep
                   |
                   +--- KNDTrigger
                   |
                   +--- KNDEvent
                   |
                   +--- KNDGraphic
                   |
                   +--- KNDPacket

Thus, KNDView is responsible for switching between the individial
configuration and display objects.


The three configuration classes (KNDConfLoc, KNDConfRem and KNDConfRep)
create an appropriate packet capture object (respectively KNDPCapLoc,
KNDPCapRem and KNDPCapRep); note that the third replay case is not a
real capture, but replays a log file as if it were live capture. Captured
packets are routed from the capture object back through the configuration
object and KNDView object, and thence to the KNDGraphic and KNDPacket
objects. Although this presents some additional overheads, it makes
the implementation of plugins (see below) simpler.



PLUGINS
=======

KSnuffle 0.8 supports plugins, ie., dynamically loaded modules which
can be hooked into KNDView objects in much the same way as KNDGraphic,
KNDPacket, etc. Indeed, all the objects attached to KNDView, both those
built into the main executable, and those loaded dynamically, are
derived from the KNDPlugin class in order that KNDView is presented
with a common interface.

An instance of KNDView passes all relevant events to each plugin for
processing.

A plugin module should be a single dynamically linked library file,
which must provide a routine "getPlugin" as a standard interface; the
main executable is linked such that all global symbols are available
to the loaded file. Hence, it is not necessary to link any code which
is in the main executable into the dynamic module.

The "getPlugin" routine returns a structure which contains one or
more plugins (ie., objects derived from the KNDPlugin class). The KNDView
objects attaches them in the same way as KNDGraphic and KNDPacket, so
they appear as additional tabs.

See the file PLUGINS for additional information. Five plugins are included
in this distribution

	* KNDSummary 	a network traffic summary display
	* KNDEndToEnd	summaries traffic by network endpoint
	* KNDDNS	monitors DNS requests and replies
	# KNDTcpIP	monitore TCP/IP data streams
	* KNDDemo	a simple test/demonstration plugin.