tcpdump mailing list archives
Questions about pcap_read() function
From: "Varuna De Silva" <varunax () gmail com>
Date: Tue, 25 Sep 2007 18:49:49 +0530
Hello,

I am trying to add support for my device in libpcap (/winpcap) and I have some doubts regarding the xxx_read() function in the pcap-xxx.c file. This function is there for the packets to be read in, as I understand. In a previous reply I got the following.

> .................. routine that takes, as an argument, a pointer to a
> pcap_t, a count, a pointer to a callback routine, and a "u_char *"
> pointer, and that waits for a buffer full of packets to arrive

What is this buffer full of packets? Should I not worry about this?

> and, when it arrives, calls the callback routine for each packet, passing
> it, as arguments, the "u_char *", a pointer to a header giving the arrival
> time of the packet, the packet's length, and the amount of packet data
> captured;

What is the difference between the packet's length and the amount of packet data captured? I am capturing SS7 message frames to be sent to WireShark. Does this "packet" mean the SS7 frame in my case? If so, can I capture part of my packet, as is depicted by "amount of packet data captured"?

Now, I have been given a handle to my device after opening it in xxx_open_live(). So I have to use that handle here to read the data from the device in xxx_read(), right? Please correct me.

Next we have to remove the frame delimiters (HDLC) to get raw SS7 messages. (We had to do it at software level, at least for now.) These data will be stored in a ring buffer (implemented simply as an array). Next is when we access frame by frame with a pointer.

My question is: can all these things go in xxx_read(), or is only the message-by-message access possible here, and do we have to do the filtering part in another thread?

Next, when I call back for each packet (a frame, if the answer to a previous question is yes) as below

callback(user, &pcap_header, dp);

should this dp (pointer to the data) point to the starting point of a frame stored in the array mentioned above? Or is it something else?

Thank you very much
Xavier
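An added illustration, not part of the original message and not libpcap code: a read routine of the shape described in the quoted reply, showing how the per-packet header carries both the frame's full length and the amount of data captured when a snapshot length is in force. The `demo_*` names, the length-prefixed buffer layout and the sample bytes are assumptions constructed for this example; `struct demo_pkthdr` mirrors the fields of libpcap's `struct pcap_pkthdr`.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/time.h>

/* Stand-in with the same fields as libpcap's struct pcap_pkthdr. */
struct demo_pkthdr { struct timeval ts; uint32_t caplen; uint32_t len; };
typedef void (*demo_handler)(unsigned char *user, const struct demo_pkthdr *h,
                             const unsigned char *bytes);

/* Hypothetical device state: deframed messages stored as [1-byte length][data]. */
struct demo_dev { const unsigned char *buf; size_t used, pos; uint32_t snaplen; };

/* Deliver up to cnt frames (cnt <= 0: all buffered); returns frames delivered. */
int demo_read(struct demo_dev *d, int cnt, demo_handler cb, unsigned char *user)
{
    int n = 0;
    while (d->pos < d->used && (cnt <= 0 || n < cnt)) {
        uint32_t len = d->buf[d->pos];
        if (d->pos + 1 + len > d->used) break;  /* truncated record: never read past the buffer */
        struct demo_pkthdr h;
        gettimeofday(&h.ts, NULL);   /* arrival time (stamped at delivery in this sketch) */
        h.len = len;                                     /* full length of the frame */
        h.caplen = len < d->snaplen ? len : d->snaplen;  /* bytes the callback may read */
        cb(user, &h, d->buf + d->pos + 1);               /* first byte of this frame */
        d->pos += 1 + (size_t)len;
        n++;
    }
    return n;
}

/* Constructed sample: two frames, 3 and 6 bytes long. */
static const unsigned char sample[] = { 3, 0xAA, 0xBB, 0xCC, 6, 1, 2, 3, 4, 5, 6 };
struct totals { uint32_t len_sum, caplen_sum; unsigned char last_first_byte; };

static void count_cb(unsigned char *user, const struct demo_pkthdr *h, const unsigned char *bytes)
{
    struct totals *t = (struct totals *)user;
    t->len_sum += h->len;
    t->caplen_sum += h->caplen;
    if (h->caplen) t->last_first_byte = bytes[0];  /* only touch bytes within caplen */
}

struct totals demo_run(uint32_t snaplen)
{
    struct demo_dev d = { sample, sizeof sample, 0, snaplen };
    struct totals t = { 0, 0, 0 };
    demo_read(&d, -1, count_cb, (unsigned char *)&t);
    return t;
}
int main(void) { struct totals t = demo_run(4); return !(t.len_sum == 9 && t.caplen_sum == 7); }
```

With a snapshot length of 4, the 6-byte frame is reported with `len` 6 and `caplen` 4, so a callback that reads `len` bytes instead of `caplen` bytes would run past the data it was given.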