tcpdump mailing list archives

Re: Initializing a device


From: Guy Harris <guy () alum mit edu>
Date: Wed, 4 Jan 2012 16:36:05 -0800


On Jan 4, 2012, at 4:10 PM, Akos Vandra wrote:

> When opening a capture device, is it possible to hand off some
> initialization data to the libpcap handler?

Yes.

The ways to do that would either be to

        1) have the device name include parameters such as that

or

        2) add new APIs to be called between pcap_create() and pcap_activate() to set the parameters.

We currently do not use 1) for any devices; 2) is used not only for parameters that apply to most if not all devices 
but also for parameters that apply to, for example, 802.11 devices (monitor mode).

The former would have the advantage that using those capabilities would not require any UI changes to tcpdump or 
Wireshark or....

The latter would have the advantage that, at least for a GUI, you could provide a possibly-more-convenient UI, e.g. in 
Wireshark's Capture->Options dialog.  Whether a command-line argument to tcpdump/TShark/dumpcap/etc. would be more 
pleasant to use than adding ",baudrate=XXXX" to the end of the device name is another matter.

> For example, I have just added a handler for a canusb device. When
> opening the device, it would be nice if it was possible to set the
> baud rate, etc.
> Would it be possible to use the BPF filter for this?

No.

The filter is simply a way to discard packets deemed as "uninteresting", and possibly to do so at a low-enough level to 
keep them from using up CPU time to copy them, buffer resources in the capture mechanism, etc.

> (btw, I don't
> really understand what BPF filters are, where can I get some
> documentation on this?)

You might look at

        http://www.tcpdump.org/papers/bpf-usenix93.pdf

and at the pcap and pcap-filter man page, and maybe

        http://sharkfest.wireshark.org/sharkfest.11/presentations/McCanne-Sharkfest'11_Keynote_Address.pdf

as well.

> is the inject_op operation for sending data through the device?

Yes.  It's what implements pcap_inject() and pcap_sendpacket().  (The two routines exist because WinPcap added one of 
those routines and OpenBSD's libpcap added another, with different names and slightly different return values, and we 
wanted to allow software written for either of those APIs to work with standard libpcap.)
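Option 1) from the message above, as an added sketch that is not libpcap code and not part of the original post: a strict parser for a device name carrying a ",baudrate=XXXX" suffix. The struct, the function name, the 64-byte name limit and the sample name "canusb0" are assumptions made for illustration; libpcap itself does not parse device names this way.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type; libpcap has no such structure. */
struct dev_params {
    char name[64];   /* device name with the parameter suffix removed */
    long baudrate;   /* -1 if no baudrate parameter was given */
};

/* Parse "name[,key=value]..."; returns 0 on success, -1 on malformed input. */
int parse_device_name(const char *spec, struct dev_params *out)
{
    size_t n = strcspn(spec, ",");
    if (n == 0 || n >= sizeof out->name)
        return -1;                       /* empty or over-long device name */
    memcpy(out->name, spec, n);
    out->name[n] = '\0';
    out->baudrate = -1;
    const char *p = spec + n;
    while (*p == ',') {
        p++;
        size_t len = strcspn(p, ",");    /* length of one "key=value" item */
        const char *eq = memchr(p, '=', len);
        if (eq == NULL || eq == p)
            return -1;                   /* no '=' or empty key */
        if ((size_t)(eq - p) != 8 || strncmp(p, "baudrate", 8) != 0)
            return -1;                   /* reject unknown keys, never ignore */
        char *end;
        errno = 0;
        long v = strtol(eq + 1, &end, 10);
        /* must start with a digit, fill the whole item, fit in long, be > 0 */
        if (!isdigit((unsigned char)eq[1]) || errno || end != p + len || v <= 0)
            return -1;
        out->baudrate = v;
        p += len;
    }
    return 0;
}

int main(void)
{
    struct dev_params d;                 /* constructed sample input below */
    if (parse_device_name("canusb0,baudrate=500000", &d) == 0)
        printf("%s at %ld baud\n", d.name, d.baudrate);
    return 0;
}
```

Because the device name comes straight from the command line or UI, the sketch rejects unknown keys, non-numeric values and out-of-range values instead of silently falling back to a default.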