Ethereal-dev: [ethereal-dev] Viewing packets while capturing...
Hi there...
I noticed that top on your wishlist is to be able to view packets while
capturing. You might wish to do it similarly to the way I did it in my
sniffer, using threads (my sniffer is at
http://www.ozemail.com.au/~peterhawkins/gnusniff.html).
Start a seperate thread to do capturing.
pthread_t capture_thread;
pthread_attr_t attr;
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
if (pthread_create(&capture_thread, &attr, (void *)sniff_func,
mydata) != 0)
{
fprintf(stderr, "Error creating the capture thread!\n");
exit(1);
}
Basically a detached thread which does nothing but:
do
{
pcap_loop(blah blah blah);
} while (1);
return 1;
You can stop the capture by running pthread_cancel(capture_thread);
Arrange things so that your pcap dispatcher feeds the packets directly
into your decoding and display routines, rather than via a file. (or use
a pipe? But that seems unnecessarily messy...)
To arrange display updates, set a gtk timer to run a display update
every so often. Kill the timer when you stop capturing.
This also rather neatly solves the problem of capturing on multiple
interfaces at once. You simply start a second thread for a second
interface.
Maybe ethereal also needs a more permanent record of interfaces? Rather
than determining this just before sniffing, have a linked list of
interfaces, which contain things like the pcap_t for the interface, the
thread for the interface, various mutexes for threading, and interface
statistics. Again like I have in my program...
:-)
Peter
