Ethereal-dev: Re: [Ethereal-dev] new media support(Intel/Septel cards)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 03 Apr 2005 16:50:58 -0700
gilbert HOYEK wrote:

1-do i have to make modifications to only these functions in pcap-septel.c so that my prog could at least sniff packets from my device :

septel_open_live

a "read" routine, to read packets from the device and supply them;

a "stats" routine, to supply packet counts;

a "close" routine, to close the device.

because there is a lot more in pcap-dag.c like:

delete_pcap_dag(pcap_t *p)
dag_platform_close(pcap_t *p)
atexit_handler(void)
new_pcap_dag(pcap_t *p)
dag_platform_finddevs(pcap_if_t **devlistp, char *errbuf)

dag_setfilter(pcap_t *p, struct bpf_program *fp)
dag_set_datalink(pcap_t *p, int dlt)
dag_get_datalink(pcap_t *p)

dag_platform_close() is the "close" routine for DAG cards, as in

	a "close" routine, to close the device.

For DAG cards, apparently simply closing the file descriptor for the DAG card isn't sufficient to shut down the card - they call "dag_stop()" before calling "dag_close()".

When a UN*X or Windows process exits, all open file descriptors/handles the process has are closed, so if the open routine in Intel's library for the Septel cards gives you a UN*X file descriptor or Windows HANDLE, and there isn't any close routine in that library, so you close it by calling "close()" on the file descriptor/"CloseHandle()" on the HANDLE, *and* if there's no extra information you have to allocate and attach to the "pcap_t", you could just use "pcap_close_common()" as the close routine for the Septel cards.

Otherwise, you'll have to write your own close routine, although, on UN*X, it should probably call "pcap_close_common()" to close the file descriptor and free the buffer attached to the pcap_t *if* you allocate a buffer.

In addition, if you have to close the Septel card by calling a routine in Intel's library, and can't, if the process exits, rely on UN*X/Windows to close the cards for you (you might have to check the Intel documentation to see whether that's the case), you'd need an "atexit_handler()" routine similar to the one the DAG code has, and you'd need to maintain a list of all the "pcap_t"s that refer to Septel cards, similar to the "pcap_dags" list. You'd register "atexit_handler()" to be called on an exit by calling "atexit()".

"new_pcap_dag()" and "delete_pcap_dag()" are routines used to create and delete entries in the "pcap_dags" list; you'd need equivalent routines only if you have to provide a similar list.

As per my response to your tcpdump-workers list message, you probably want an equivalent to "dag_platform_finddevs()":

You'd also want to modify the "pcap_platform_finddevs()" routine to, if you were building with support for the Septel cards, call a routine in "pcap-septel.c" to supply a list of names for the Septel devices, so they show up when interfaces are enumerated (e.g., when Ethereal shows its drop-down list of interfaces, or when Tethereal - or tcpdump, if you add SS7 decoding support to it - are run with the "-D" flag). "pcap_add_if()" is the routine it'd call to add an interface to the list; see, for example, "dag_platform_finddevs()" in "pcap-dag.c".

As for "dag_setfilter()", I thought I remembered discussing that, but I can't find anything in my mail about that. The Septel cards probably can't do any BPF filtering in their firmware, so you wouldn't need an equivalent to "dag_setfilter()".

The "set_datalink()" and "get_datalink()" routines would be needed only if, for example, you could support capturing with MTP2 and MTP3 headers or only with MTP3 headers. It sounds as if you'll always be supplying MTP2 headers, so you won't need those routines.

2- i did not get this :

You'd have to set the various "_op" members of the "pcap_t" structure to point to those routines. Set the "set_datalink_op" member to NULL.

See the code in "dag_open_live()" that does

        handle->read_op = dag_read;
        handle->inject_op = dag_inject;
        handle->setfilter_op = dag_setfilter;
        handle->set_datalink_op = dag_set_datalink;
        handle->getnonblock_op = pcap_getnonblock_fd;
        handle->setnonblock_op = dag_setnonblock;
        handle->stats_op = dag_stats;
        handle->close_op = dag_platform_close;

That sets up the "pcap_t" so that, for various libpcap operations, the DAG routines in question will be called. You'd do something similar.

3- do i need the full name of my device from /dev/ i.e. : septel0,septel1 ....or does the fact that i am comparing my dev to the string septel is enough in :
        if (strstr(device, "septel")) {
                return septel_open_live(device, snaplen, promisc, to_ms, ebuf);
        }

That should be sufficient - for other devices, "/dev/" is not required (you can capture on, for example, "eth0" or "/dev/eth0"; the "/dev/" is somewhat strange here, as, on most UN*Xes, there are no entries in "/dev" for network interfaces).
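The following is an added example, not part of the original message and not libpcap or Intel code: a minimal sketch of the pattern described above, where the open routine sets a "close_op" pointer, records the handle on a list (the role "pcap_dags" plays), and registers an "atexit()" handler once so that cards left open are shut down on exit. The names "demo_handle", "demo_open", "demo_close" and "vendor_card_close" are hypothetical stand-ins for "pcap_t", the Septel open/close routines and the vendor library call.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for pcap_t; only the members this example needs. */
struct demo_handle {
    int card_id;                              /* hypothetical vendor card id */
    int running;                              /* 1 until the card is shut down */
    void (*close_op)(struct demo_handle *);   /* like pcap_t's close_op */
    struct demo_handle *next;                 /* link in the open-cards list */
};

static struct demo_handle *open_cards;  /* plays the role of pcap_dags */
static int atexit_registered, vendor_close_calls;
/* Hypothetical vendor shutdown call, constructed for this example. */
static void vendor_card_close(int card_id) { (void)card_id; vendor_close_calls++; }
/* Close routine: shut the card down once, then unlink it from the list. */
static void demo_close(struct demo_handle *h) {
    struct demo_handle **pp = &open_cards;
    if (h->running) { vendor_card_close(h->card_id); h->running = 0; }
    while (*pp != NULL && *pp != h) pp = &(*pp)->next;
    if (*pp != NULL) *pp = h->next;
}

/* Runs at exit(): close every card the program left open. */
static void atexit_handler(void) {
    while (open_cards != NULL) open_cards->close_op(open_cards);
}

/* Open routine: register the exit handler once, set close_op, record handle. */
int demo_open(struct demo_handle *h, int card_id) {
    if (!atexit_registered && atexit(atexit_handler) != 0) return -1;
    atexit_registered = 1;
    h->card_id = card_id; h->running = 1; h->close_op = demo_close;
    h->next = open_cards; open_cards = h;
    return 0;
}
int open_card_count(void) {
    int n = 0;
    for (struct demo_handle *h = open_cards; h != NULL; h = h->next) n++;
    return n;
}
int vendor_calls(void) { return vendor_close_calls; }
int main(void) {
    static struct demo_handle a, b;   /* static: must outlive main() for atexit */
    if (demo_open(&a, 0) != 0 || demo_open(&b, 1) != 0) return 1;
    a.close_op(&a);                   /* explicit close; b is left for exit */
    printf("open=%d vendor_calls=%d\n", open_card_count(), vendor_calls());
    return 0;
}
```

The handles are static because the exit handler runs after main() has returned, so anything still on the list must remain valid at that point.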