tcpdump mailing list archives

Re: Using the decoders in other applications?


From: Neil Spring <nspring () cs washington edu>
Date: Tue, 13 Jan 2004 11:45:22 -0800

Hi Aaron,

I've done this in scriptroute (www.scriptroute.org/source/scriptroute-0.2.43.tar.gz). Scriptroute is a system for network measurement where small scripts, written in Ruby, express the logic of a lightweight active network measurement, like traceroute or sprobe. I link tcpdump code to a Ruby interpreter so that an object of class "packet"'s to_string method returns what tcpdump would print.

I think I have to go one step further than you do, because making a to_string method involves redefining printf to be strcat; tcpdump already sends data to stdout.

The remaining steps are roughly: 1) include enough in your configure.in so that the tcpdump code is configured (not hard). 2) unpack tcpdump source in a subdirectory. 3) supply a bunch of symbols in a .c file so that the tcpdump code is happy to link. 4) call ipN_print().

If you look at the scriptroute code, these are the build steps for libppacket.a; the only code I provide is in packet-tostring.[ch], the rest is tcpdump code with printf, fputs, and putc redefined.

I don't want to say it's the best way, but it works.

good luck,
-neil

On Jan 13, 2004, at 11:29 AM, Aaron Turner wrote:

Hey everyone,

I'm sure many of you are somewhat familiar with tcpreplay which I
currently maintain (http://tcpreplay.sf.net for those of you not).
Lately I've received a few requests to add support for decoding of
packets to STDOUT as they are sent on the wire.

Obviously, I have no wish to reinvent the wheel, and I immediately
started looking at figuring out a way to optionally link, include, etc
the tcpdump code.

Turns out that this appears to be a lot more complicated than I had
hoped.  So I figured I'd email the list and try to find out:

1) If anyone has done something like this before and had some
suggestions?

2) If any plans have been made to modularize/librarize the code so that
the decoders could be used in other applications without declaring a
bunch of global variables?

3) If someone has a better idea of how to accomplish the above goal.

Thanks,
Aaron

--
Aaron Turner <aturner at pobox.com|synfin.net>  http://synfin.net/
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin
All emails are PGP signed; a lack of a signature indicates a forgery.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
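
The printf-to-buffer redirection described in the reply above, as an added example that is not part of the original thread and is not scriptroute or tcpdump code. It swaps strcat for a bounded vsnprintf append so decoder output cannot overrun the buffer; `buf_printf`, `buf_fputs`, `buf_putc`, `toy_ip_print`, `packet_to_string` and the sample header are hypothetical names and constructed data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char out[256];   /* bounded buffer that stands in for stdout */
static size_t used;     /* bytes of out[] in use, excluding the NUL */
static int buf_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out + used, sizeof(out) - used, fmt, ap);
    va_end(ap);
    if (n < 0) return n;
    /* n is the untruncated length: clamp so 'used' never passes the end */
    size_t room = sizeof(out) - used - 1;
    used += (size_t)n < room ? (size_t)n : room;
    return n;
}
static int buf_fputs(const char *s) { return buf_printf("%s", s); }
static int buf_putc(int c) { buf_printf("%c", c); return c; }

/* Decoder code below this point appends to out[] whenever it "prints". */
#undef printf
#undef fputs
#undef putc
#define printf buf_printf
#define fputs(s, stream) buf_fputs(s)
#define putc(c, stream) buf_putc(c)

/* Hypothetical stand-in for a tcpdump printer (not tcpdump code). */
static void toy_ip_print(const unsigned char *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) { fputs("[|ip]", stdout); return; }
    printf("IP %u.%u.%u.%u > %u.%u.%u.%u:", p[12], p[13], p[14], p[15],
           p[16], p[17], p[18], p[19]);
    putc(' ', stdout);
    printf("proto %u, ttl %u", p[9], p[8]);
}

/* Reset the buffer, run the decoder, return the text it produced. */
const char *packet_to_string(const unsigned char *p, size_t len)
{
    used = 0; out[0] = '\0';
    toy_ip_print(p, len);
    return out;
}
/* Constructed sample: IPv4, ttl 64, proto 17, 192.0.2.1 > 198.51.100.7 */
static const unsigned char sample[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17,
    0, 0, 192, 0, 2, 1, 198, 51, 100, 7 };
int main(void) { puts(packet_to_string(sample, sizeof(sample))); return 0; }
```

In a real build the three `#define` lines would sit in a header included only by the decoder sources, so the host application's own output still reaches stdout.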

