tcpdump mailing list archives

Re: Pcap debug at runtime


From: Francois-Xavier Le Bail <devel.fx.lebail () orange fr>
Date: Tue, 28 Feb 2023 17:01:51 +0100

On 20/02/2023 21:18, Guy Harris wrote:
> On Feb 20, 2023, at 12:15 PM, Paschal Chukwuebuk Amusuo <pamusuo () purdue edu> wrote:
>
>> Please, is there a way to print out debug statements at runtime when using pcap?
>
> Debug statements in your program?  Add printf() or fprintf(stderr, ...) or... calls to your program.
>
> Debug statements in libpcap?  Get the libpcap source, add printf() or fprintf(stderr, ...) or... calls to it, build it, install it, and compile your program with it.

In addition to printf()/fprintf(), here is a brand new way to help debugging a program using libpcap, currently only tested on Debian Linux (stable).

(Similar method to the one available with tcpdump and tcpslice.)

The goal is to generate instrumentation calls for entry and exit to functions.
Just after function entry and just before function exit, the profiling functions are called and print the function names with indentation and call level.
If entering a function, also print the calling function name with file name and line number. There may be a small shift in the line number.

To use it:
(There will be a doc entry based on this topic later.)

1) sudo apt install binutils-dev

2) git clone (or pull) the libpcap project, main branch.
configure and build with:
$ ./autogen.sh
$ ./configure --quiet --enable-instrument-functions
$ make -s clean all

3) To test the method, create a project directory in the same parent directory as libpcap.
|-- libpcap
|-- my_project

cd into the project directory.
Copy an existing program to test.
$ cp -vai ../libpcap/testprogs/findalldevstest.c my_project.c

Build with the following Makefile:
(Also attached.)
--------------------------------------------------------------------------
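PROG = my_project

# These targets do not produce files named after themselves.
.PHONY: all clean instrument_all instrument_global instrument_off

all: $(PROG)

# Rebuild when the program source, the instrumentation code or libpcap changes.
$(PROG): $(PROG).c ../libpcap/instrument-functions.c ../libpcap/libpcap.a
	gcc -O0 -ggdb -finstrument-functions \
	-I../libpcap \
	-o $(PROG) $(PROG).c ../libpcap/instrument-functions.c \
	-lbfd -no-pie \
	../libpcap/libpcap.a \
	$$(../libpcap/pcap-config --additional-libs --static-pcap-only)

clean:
	@rm -f $(PROG)

# Print all function calls (the default): remove both control files.
instrument_all:
	@rm -f instrument_functions_global.devel
	@rm -f instrument_functions_off.devel

# Print only the global function names.
instrument_global:
	@touch instrument_functions_global.devel
	@rm -f instrument_functions_off.devel

# Print nothing.
instrument_off:
	@touch instrument_functions_off.devel
	@rm -f instrument_functions_global.devel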
--------------------------------------------------------------------------

Run.

You should get something like:
--------------------------------------------------------------------------
[>> main (0)
 [>> pcap_findalldevs (1) from main my_project.c:144]
  [>> pcap_platform_finddevs (2) from pcap_findalldevs pcap.c:721]
   [>> pcap_findalldevs_interfaces (3) from pcap_platform_finddevs pcap-linux.c:1753]
    [>> can_be_bound (4) from pcap_findalldevs_interfaces fad-getad.c:207]
    [<< can_be_bound (4)
    [>> get_sa_len (4) from pcap_findalldevs_interfaces fad-getad.c:223]
    [<< get_sa_len (4)
    [>> add_addr_to_if (4) from pcap_findalldevs_interfaces fad-getad.c:266]
     [>> find_or_add_if (5) from add_addr_to_if pcap.c:1085]
      [>> get_if_description (6) from find_or_add_if pcap.c:1050]
      [<< get_if_description (6)
      [>> find_or_add_dev (6) from find_or_add_if pcap.c:1049]

{...}

 [<< pcap_lookupnet (1)
 [>> iptos (1) from main my_project.c:181]
 [<< iptos (1)
 [>> iptos (1) from main my_project.c:181]
 [<< iptos (1)
Preferred device is on network: 192.168.18.0/255.255.255.0
 [>> pcap_freealldevs (1) from main my_project.c:186]
 [<< pcap_freealldevs (1)
--------------------------------------------------------------------------

By default, all the function calls are printed.

To configure the printing of only the global function names:
$ make instrument_global

To go back to printing all the function names:
$ make instrument_all

To print nothing, like with no instrumentation:
$ make instrument_off

Hope this helps.
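
The entry/exit hook mechanism the message describes, as an added example that is not part of the original post and is not libpcap's instrument-functions.c: with -finstrument-functions, GCC inserts calls to __cyg_profile_func_enter() and __cyg_profile_func_exit() around every function body. It prints raw addresses rather than resolving names through libbfd, assumes a single thread, and the names depth, max_depth, last_line, emit, leaf and middle are chosen for this example.

```c
/* Added example (not libpcap's instrument-functions.c): minimal hooks for
 * gcc -finstrument-functions. Single-threaded; prints raw addresses.
 * Build: gcc -O0 -g -finstrument-functions -no-pie trace.c -o trace */
#include <stdio.h>

/* The hooks must not be instrumented themselves, or they would recurse. */
#define NO_INSTR __attribute__((no_instrument_function))

static int depth;           /* current call level */
static int max_depth;       /* deepest level reached */
static char last_line[128]; /* most recent trace line */

/* Format one trace line, indented one space per call level. */
NO_INSTR static void emit(const char *tag, void *fn, void *site, int level)
{
    int n = snprintf(last_line, sizeof last_line, "%*s[%s %p (%d)",
                     level, "", tag, fn, level);
    if (site != NULL && n > 0 && (size_t)n < sizeof last_line)
        snprintf(last_line + n, sizeof last_line - (size_t)n,
                 " from %p", site);
    fprintf(stderr, "%s]\n", last_line);
}

/* The compiler inserts a call to this just after every function entry. */
NO_INSTR void __cyg_profile_func_enter(void *this_fn, void *call_site)
{
    emit(">>", this_fn, call_site, depth);
    if (++depth > max_depth)
        max_depth = depth;
}

/* ... and a call to this just before every function exit. */
NO_INSTR void __cyg_profile_func_exit(void *this_fn, void *call_site)
{
    (void)call_site;
    if (depth > 0)          /* tolerate an unbalanced exit */
        depth--;
    emit("<<", this_fn, NULL, depth);
}

/* Two small functions so the trace shows nesting. */
static int leaf(int x)   { return x + 1; }
static int middle(int x) { return leaf(x) * 2; }

int main(void)
{
    return middle(1) == 4 ? 0 : 1;
}
```

The printed addresses can be mapped to function names and file:line with `addr2line -f -e ./trace <address>`; building with -no-pie, as the Makefile above does, keeps the runtime addresses equal to those in the binary.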
