I've done this in scriptroute (www.scriptroute.org/source/scriptroute-0.2.43.tar.gz). Scriptroute is a system for network measurement where small scripts, written in ruby, express the logic of a lightweight active network measurement, like traceroute or sprobe. I link tcpdump code to a ruby interpreter so that an object of class "packet"'s to_string method returns what tcpdump would print.
I think I have to go one step further than you do, because making a to_string method involves redefining printf to be strcat; tcpdump already sends data to stdout.
The remaining steps are roughly:
1) include enough in your configure.in so that the tcpdump code is configured (not hard).
2) unpack tcpdump source in a subdirectory.
3) supply a bunch of symbols in a .c file so that the tcpdump code is happy to link.
4) call ipN_print().
If you look at the scriptroute code, these are the build steps for libppacket.a; the only code I provide is in packet-tostring.[ch], the rest is tcpdump code with printf, fputs, and putc redefined.
I don't want to say it's the best way, but it works.
good luck, -neil
On Jan 13, 2004, at 11:29 AM, Aaron Turner wrote:
Hey everyone,
I'm sure many of you are somewhat familiar with tcpreplay which I currently maintain (http://tcpreplay.sf.net for those of you not). Lately I've received a few requests to add support for decoding of packets to STDOUT as they are sent on the wire.
Obviously, I have no wish to reinvent the wheel, and I immediately started looking at figuring out a way to optionally link, include, etc the tcpdump code.
Turns out that this appears to be a lot more complicated than I had hoped. So I figured I'd email the list and try to find out:
1) If anyone has done something like this before and had some suggestions?
2) If any plans have been made to modularize/librarize the code so that the decoders could be used in other applications without declaring a bunch of global variables?
3) If someone has a better idea of how to accomplish the above goal.
Thanks, Aaron
--
Aaron Turner <aturner at pobox.com|synfin.net> http://synfin.net/
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
All emails are PGP signed; a lack of a signature indicates a forgery.
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
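An added illustration of the printf-redirection approach described in the reply above, not code from scriptroute, tcpdump or either email: a bounded append stands in for the strcat the reply mentions, so an over-long decode is truncated and flagged instead of overrunning the buffer. `capture_printf`, `toy_ip_print`, `packet_to_string` and the sample packet are hypothetical stand-ins constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; nothing here is scriptroute or tcpdump code. */
#define CAP_SIZE 48                  /* small on purpose, to show truncation */
static char   cap_buf[CAP_SIZE];
static size_t cap_len;
static int    cap_truncated;

/* printf replacement: bounded append to cap_buf; returns characters stored. */
static int capture_printf(const char *fmt, ...)
{
    size_t room = sizeof(cap_buf) - cap_len;    /* always >= 1, for the NUL */
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(cap_buf + cap_len, room, fmt, ap);
    va_end(ap);
    if (n < 0) return n;
    if ((size_t)n >= room) {                    /* did not fit: flag and clamp */
        cap_truncated = 1;
        n = (int)room - 1;
    }
    cap_len += (size_t)n;
    return n;
}

#undef printf                        /* libc may define it as a macro */
#define printf capture_printf        /* decoder code below fills cap_buf */
/* Toy stand-in for a tcpdump printer: IPv4 addresses, protocol, TTL. */
static void toy_ip_print(const unsigned char *p, size_t caplen)
{
    if (caplen < 20) { printf("[|ip]"); return; }   /* short capture */
    printf("%u.%u.%u.%u > %u.%u.%u.%u: ",
           p[12], p[13], p[14], p[15], p[16], p[17], p[18], p[19]);
    printf("proto %u, ttl %u", p[9], p[8]);
}
#undef printf                        /* redirection stays local to the decoder */

/* Constructed sample header: 10.0.0.1 > 10.0.0.2, protocol 6, TTL 64. */
static const unsigned char sample_pkt[20] = {
    0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2 };
const char *packet_to_string(const unsigned char *p, size_t caplen)
{
    memset(cap_buf, 0, sizeof(cap_buf)); cap_len = 0; cap_truncated = 0;
    toy_ip_print(p, caplen);
    return cap_buf;
}
```

The returned pointer refers to a single static buffer, so each call overwrites the previous result and the function is not reentrant.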
