Ethereal-dev: Re: [Ethereal-dev] Packet capture architecture question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Anand V. Narwani" <anarwani@xxxxxxxxx>
Date: Sat, 17 Aug 2002 16:24:18 -0400
Chris,
A simpler alternative might be to implement a daemon that listens on a socket and writes to a pipe (or plain file) using the pcap format. All you need to do is handle the open/close pipe signals to handle the start/stop capture in Ethereal. I believe that the code for this is reasonably simple and would be easier to implement than abstracting the capture interface.

Hope this helps,

Anand

At 12:22 PM 8/17/2002 -0700, Chris Waters wrote:
Hi,

I want to add an alternative packet capture mechanism to Ethereal, i.e.
instead of getting the packets from pcap, I want to receive them over a
socket from another machine. I have spent half an hour reading the sources,
but it doesn't appear like the packet capture interface is abstracted. It
seems like everything is very tightly tied to pcap.

It looks like capture-wpcap.c encapsulates the winpcap DLL. How is this done
under Unix? I couldn't find an equivalent libpcap file. Does it use
capture-wpcap.c as well?

I guess I could make a library which has the same API as pcap, but this
doesn't make it easy for a user to switch between a local capture and a
remote capture. Ideally I would like the new capture source to appear in the
drop-down list as an adapter.

Anyway, I am looking for ideas about the best way to abstract the capture
interface to make it possible to add a new capture mechanism.

Thanks,

Chris.

--
Anand V. Narwani,  CCIE 3892
Advanced Engineering Services
Cisco Systems, Inc.
Direct/Fax: 919.392.3404
Email: anarwani@xxxxxxxxx

"Meddle not in the affairs of dragons, for you are crunchy and taste good with ketchup"
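
A sketch of the relay daemon suggested in the reply, as an added example that is not code from this thread or from Ethereal. The wire framing (a 4-byte big-endian length before each frame), the Ethernet link type, the listening address and all function names are assumptions, since the thread does not specify them.

```python
import socket, struct, time

PCAP_MAGIC, LINKTYPE_ETHERNET, SNAPLEN = 0xA1B2C3D4, 1, 65535

def pcap_global_header(linktype=LINKTYPE_ETHERNET, snaplen=SNAPLEN):
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type: 24 bytes
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(frame, ts, snaplen=SNAPLEN):
    # record header: ts_sec, ts_usec, captured length, original length
    sec = int(ts)
    data = frame[:snaplen]
    return struct.pack("<IIII", sec, int((ts - sec) * 1_000_000),
                       len(data), len(frame)) + data

def recv_exact(conn, n):
    # TCP is a byte stream: loop until n bytes arrive; None if the peer closed
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def relay(conn, out, clock=time.time, max_frame=SNAPLEN):
    """Copy length-prefixed frames from conn to out as pcap; return the count."""
    count = 0
    try:
        out.write(pcap_global_header())
        while (hdr := recv_exact(conn, 4)) is not None:
            (length,) = struct.unpack("!I", hdr)
            if not 0 < length <= max_frame:
                break                      # untrusted length field: stop reading
            frame = recv_exact(conn, length)
            if frame is None:
                break                      # sender went away mid-frame
            out.write(pcap_record(frame, clock()))
            out.flush()                    # reader sees each packet promptly
            count += 1
    except BrokenPipeError:
        pass                               # reader closed the pipe: capture stopped
    return count

if __name__ == "__main__":                 # usage: relay.py <fifo-or-file path>
    import sys
    with socket.create_server(("127.0.0.1", 5555)) as srv:  # assumed address
        conn, _ = srv.accept()
    relay(conn, open(sys.argv[1], "wb", buffering=0))
```

The length check matters because the sender is a remote machine: without the bound, one bad prefix would make the daemon try to buffer up to 4 GiB.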