tcpdump mailing list archives
wireshark extension for a Kernel Module (like Usbmon)
From: Christian via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Mon, 7 Mar 2022 14:55:13 +0100
--- Begin Message ---
From: Christian <chris () argonautx net>
Date: Mon, 7 Mar 2022 14:55:13 +0100

Hello out there,

I created a kernel probe module and I want to watch the outputs of that module with pcap/Wireshark or tcpdump... Just like usbmon. My preferred tool is dumpcap. So I defined a char device in the dev-directory /dev/kpnode from which the pcap interface can read the output of that module. In order to enable reading, I started to place a handler function into libpcap:

In pcap.c I put in

    #ifdef PCAP_SUPPORT_KPNODE
    #include "pcap-kpnode.h"
    #endif

and later:

    #ifdef PCAP_SUPPORT_KPNODE
        { kpnode_findalldevs, kpnode_create },
    #endif

further down:

    #ifdef PCAP_SUPPORT_KPNODE
        || strstr(device, "kpnode") != NULL
    #endif

The functions kpnode_findalldevs and kpnode_create are in my files pcap-kpnode.c and pcap-kpnode.h. They are not finished yet, but the subject of this mail is for now how to connect these functions into libpcap and Wireshark so that they are invoked if a device /dev/kpnode emerges.

Further, I added an entry to configure.ac:

    AC_DEFINE(PCAP_SUPPORT_KPNODE, 1, [target host supports Linux kpmode])

I'm not sure if editing the autoconf input file is too much, because I don't want to commit my changes to other platforms, it's just a small project of my own. But there are also some entries for USBMON in e.g. CMakeLists.txt and more.

After execution of the configure script I manually put my files into the EXTRA_DIST list.

But so far, when I build the pcap library, not even the symbol kpnode appears in the binary, but there is an object file of my handler file pcap-kpnode.c. So my changes are not in the library. I use the master branch sources of last week and gcc version 11.2.0 of Debian testing.

What did I miss to integrate my handlers into the pcap library?

Thank you in advance
BR /Christian
--- End Message ---
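
Added example, not part of Christian's message and not libpcap source: a simplified stand-alone model of a table of per-module create functions guarded by PCAP_SUPPORT_KPNODE, of the kind the message adds { kpnode_findalldevs, kpnode_create } to. The names handle_t, source_type, open_source and is_ours are hypothetical stand-ins, and the macro is defined in the file itself only so the guarded entry is compiled in.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: normally the build system defines this (e.g. via config.h).
 * If it is not defined in this translation unit, the guarded code vanishes. */
#define PCAP_SUPPORT_KPNODE 1

/* Hypothetical stand-in for an opened capture handle. */
typedef struct { const char *module; } handle_t;

/* One table row per capture module. A module sets *is_ours to 1 when the
 * device name belongs to it, and to 0 to let the next row try. */
struct source_type {
    handle_t *(*create_op)(const char *device, int *is_ours);
};

#ifdef PCAP_SUPPORT_KPNODE
static handle_t kp_handle = { "kpnode" };
static handle_t *kpnode_create(const char *device, int *is_ours)
{
    /* Exact match on the last path component; stricter than a substring
     * test, which would also claim names such as "kpnode_backup". */
    const char *base = strrchr(device, '/');
    base = base ? base + 1 : device;
    *is_ours = (strcmp(base, "kpnode") == 0);
    return *is_ours ? &kp_handle : NULL;
}
#endif

static struct source_type source_types[] = {
#ifdef PCAP_SUPPORT_KPNODE
    { kpnode_create },
#endif
    { NULL }                      /* terminator */
};

/* Walk the table; the first module that claims the name wins, otherwise
 * the name is treated as a regular interface. Returns the module name. */
static const char *open_source(const char *device)
{
    for (size_t i = 0; source_types[i].create_op != NULL; i++) {
        int is_ours = 0;
        handle_t *h = source_types[i].create_op(device, &is_ours);
        if (is_ours)
            return h->module;
    }
    return "default";
}

int main(void) { printf("%s\n", open_source("/dev/kpnode")); return 0; }
```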