Re: self-made pcap_t struct

[Guy Harris <guy () alum mit edu>]

On May 9, 2009, at 12:42 PM, Julien Iguchi-Cartigny wrote:

> The best solution is to use libpcap but It doesn't seem easy. My  
> first solution was to create my own instance of pcap_t and change  
> function pointers to my own functions. But on most distribution pcap- 
> int.h is not available (this file is only used to create the library),

Correct.

Furthermore, there is *absolutely no guarantee* that the layout of a  
pcap_t will remain the same between releases of libpcap, between  
platforms even for the same release of libpcap, or even between  
*devices* on the *same* platform with the same version of libpcap.

> and people who wants to use the API just manipulate the pointer to  
> the instance of struct pcap_t.

Correct.  The API - and ABI - is defined in terms of *opaque* pointers  
to pcap_t, *not* in terms of what a pcap_t points to.

> Is there any solutions, because the only one I see is to modify  
> libpcap to create a "false" device ?

That's the solution.  Libpcap, unfortunately, currently doesn't  
support loadable third-party plugins, but if you add a pcap-uml.c (or  
whatever you call it) to libpcap - licensed under a BSD-compatible  
license - we might be wiling to accept it as part of libpcap.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.