Re: libpcap : Reading from kernel interface

[madhuresh <madhurag () iitk ac in>]

Guy Harris wrote:
> On Aug 30, 2006, at 10:48 AM, madhurag () iitk ac in wrote:
>
> > I wish to use hostap (a driver for wireless cards) + libpcap + 
> > tcpdump to
> > bring some extra details of the packets in the user space.
>
> What sort of extra details?
Due to the present structure of linux kernel, there are many details 
(for example signal strength) which are stripped by the network device 
driver.  But i need these details towards some experiments.
> > I wish to know that how libpcap reads the packet from the 
> > kernel/interfaces.
>
> The only "hostap driver" I know of is the one in Linux.  In Linux, 
> libpcap reads the packet from a PF_PACKET socket.
Yes you are right. I was mentioning about hostap-driver-0.4.7 which 
works as a module with linux kernel. So is it a netlink socket ?
> > For my purpose, i have to implement an interface in the hostap code 
> > (which
> > i shall be registering with the kernel).
>
> Why do you have to implement a separate interface?
I was thinking of copying the packets (with these extra details) to this 
new interface from which libpcap can read. Say this interface is xyz0, 
so when tcpdump is invoked like ./tcpdump -i xyz0, then libpcap should 
read from the new interface.

Please let me know if i am thinking in the right direction.
Any other nice approach to get these extra details from kernel space to 
user space ?
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.


--
Madhuresh Agrawal
Senior Undergraduate
Department of Computer Science and Engineering
Indian Institute of Technology
Kanpur - 208016
Phone : (+91) 9935184990
HomePage: http://home.iitk.ac.in/~madhurag


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.