tcpdump mailing list archives

self-made pcap_t struct


From: Julien Iguchi-Cartigny <cartigny () msi unilim fr>
Date: Sat, 09 May 2009 21:42:39 +0200

Hello,

I'm trying a little experiment called uml_dump which connects to uml_switch (used to relay messages between user-mode linux instances) with the goal to dump packets for ethereal. It would be interesting for educational purposes: students can see packets between "emulated" linux.

I already made a little program which connects to uml_sniff and receives a copy of each packet. But now I need to dump byte arrays (each packet) to a file or the standard output in CAP format.

The best solution is to use libpcap but it doesn't seem easy. My first solution was to create my own instance of pcap_t and change function pointers to my own functions. But on most distributions pcap-int.h is not available (this file is only used to create the library), and people who want to use the API just manipulate the pointer to the instance of struct pcap_t.

Are there any solutions, because the only one I see is to modify libpcap to create a "false" device? My Plan B is to dump by myself the cap file, but it would be boring and not elegant ;-)

Thank you.

Cheers,

Julien.
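
The "Plan B" from the message above (writing the capture file by hand), sketched as an added example; it is not part of the original post and is not libpcap code. It assumes the classic pcap file layout (a 24-byte global header, then a 16-byte record header before each packet) with Ethernet frames; the function names, the sample frame and the timestamp are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SNAPLEN 65535u          /* max bytes stored per packet */
#define LINKTYPE_ETHERNET 1u    /* link-layer type for Ethernet frames */

/* Fields are emitted little-endian; readers detect byte order from the magic. */
static size_t put16(uint8_t *p, uint16_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    return 2;
}
static size_t put32(uint8_t *p, uint32_t v) {
    put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16));
    return 4;
}

/* 24-byte global header, written once at the start of the file. */
size_t cap_file_header(uint8_t *out) {
    size_t n = put32(out, 0xa1b2c3d4u);      /* magic: microsecond timestamps */
    n += put16(out + n, 2);                  /* format version major */
    n += put16(out + n, 4);                  /* format version minor */
    n += put32(out + n, 0);                  /* thiszone (unused) */
    n += put32(out + n, 0);                  /* sigfigs (unused) */
    n += put32(out + n, SNAPLEN);
    n += put32(out + n, LINKTYPE_ETHERNET);
    return n;
}

/* 16-byte record header plus the captured bytes, truncated to SNAPLEN.
   out must have room for 16 + min(len, SNAPLEN) bytes. */
size_t cap_record(uint8_t *out, uint32_t sec, uint32_t usec,
                  const uint8_t *frame, uint32_t len) {
    uint32_t incl = len > SNAPLEN ? SNAPLEN : len;
    size_t n = put32(out, sec);
    n += put32(out + n, usec);
    n += put32(out + n, incl);               /* bytes stored in the file */
    n += put32(out + n, len);                /* bytes seen on the wire */
    memcpy(out + n, frame, incl);
    return n + incl;
}

int main(void) {
    /* Constructed 60-byte broadcast frame (ARP ethertype, zero payload). */
    uint8_t frame[60] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06};
    uint8_t buf[24 + 16 + sizeof frame];
    size_t n = cap_file_header(buf);
    n += cap_record(buf + n, 1241898159u, 0, frame, sizeof frame);
    return fwrite(buf, 1, n, stdout) == n ? 0 : 1;   /* redirect to a .cap file */
}
```

A reader should validate `incl_len` against the snapshot length before allocating or copying when parsing files produced this way, since both fields are attacker-controlled in an untrusted capture.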
