Changeset c681e86
- Timestamp:
- 06/22/04 17:23:07 (17 years ago)
- Branches:
- 4.0.1-hotfixes, cachetimestamps, develop, dpdk-ndag, etsilive, getfragoff, help, libtrace4, master, ndag_format, pfring, rc-4.0.1, rc-4.0.2, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance, ringtimestampfixes
- Children:
- a9d9fd6
- Parents:
- c792590
- Location:
- lib
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
lib/Makefile
r101aa76 rc681e86 10 10 11 11 CURRENT=1 12 REVISION= 212 REVISION=3 13 13 AGE=0 14 14 -
lib/libtrace.h
r2c060e3 rc681e86 261 261 * @author Perry Lorier 262 262 * @note Due to this being a header capture, or anonymisation, this may not 263 * be the same size as the original packet. See get Len() for the original263 * be the same size as the original packet. See get_wire_length() for the original 264 264 * size of the packet. 265 265 * @note This can (and often is) different for different packets in a trace! … … 305 305 struct libtrace_t *libtrace, 306 306 void *buffer, 307 int buflen); 307 int buflen); 308 308 309 309 /** Get the destination MAC addres … … 347 347 void *buffer, int *size); 348 348 349 /** setup a BPF filter 350 * @param libtrace the libtrace opaque pointer 351 * @param filterstring a char * containing the bpf filter string 352 * @returns null 353 * @author Daniel Lawson 354 */ 355 void libtrace_bpf_setfilter(struct libtrace_t *trace, char *filterstring); 356 357 /** apply a BPF filter 358 * @param libtrace the libtrace opaque pointer 359 * @param buffer a pointer to a filled buffer 360 * @param buflen the length of the buffer 361 * @returns the return value from bpf_filter 362 * @author Daniel Lawson 363 */ 364 int libtrace_bpf_filter(struct libtrace_t *trace, 365 void *buffer, 366 int buflen); 367 368 349 369 #endif // _LIBTRACE_H_ -
lib/trace.c
rdadc609 rc681e86 28 28 #include "libtrace.h" 29 29 #include "fifo.h" 30 31 #include <net/bpf.h> 32 #include <pcap.h> 30 33 31 34 #include "dagformat.h" … … 61 64 int size; 62 65 } packet; 66 struct bpf_insn *filter; 67 char * filterstring; 63 68 double last_ts; 64 69 double start_ts; … … 687 692 struct pcap_pkthdr *pcapptr = 0; 688 693 uint64_t ts; 689 uint32_t seconds;694 //uint32_t seconds; 690 695 switch (libtrace->format) { 691 696 case PCAPINT: … … 994 999 assert(0); 995 1000 } 1001 1002 /** apply a BPF filter 1003 * @param libtrace the libtrace opaque pointer 1004 * @param filterstring a char * containing the bpf filter string 1005 * @returns null 1006 * 1007 * @author Daniel Lawson 1008 */ 1009 void libtrace_bpf_setfilter(struct libtrace_t *trace, char *filterstring) { 1010 trace->filterstring = strdup(filterstring); 1011 } 1012 1013 /** apply a BPF filter 1014 * @param libtrace the libtrace opaque pointer 1015 * @param buffer a pointer to a filled buffer 1016 * @param buflen the length of the buffer 1017 * @returns 0 if the filter fails, 1 if it succeeds 1018 * @author Daniel Lawson 1019 */ 1020 int libtrace_bpf_filter(struct libtrace_t *trace, 1021 void *buffer, 1022 int buflen) { 1023 1024 int linktype = get_link_type(trace,buffer,buflen); 1025 void *linkptr = get_link(trace,buffer,buflen); 1026 int clen = get_capture_length(trace,buffer,buflen); 1027 1028 if (trace->filterstring && ! trace->filter) { 1029 pcap_t *pcap; 1030 struct bpf_program bpfprog; 1031 1032 switch (linktype) { 1033 case TYPE_ETH: 1034 pcap = pcap_open_dead(DLT_EN10MB, 1500); 1035 break; 1036 default: 1037 printf("only works for ETH at the moment\n"); 1038 assert(0); 1039 } 1040 1041 // build filter 1042 if (pcap_compile( pcap, &bpfprog, trace->filterstring, 1, 0)) { 1043 printf("bpf compilation error: %s\n", 1044 pcap_geterr(pcap)); 1045 assert(0); 1046 } 1047 pcap_close(pcap); 1048 trace->filter = bpfprog.bf_insns; 1049 } 1050 1051 return bpf_filter(trace->filter, linkptr, clen, clen); 1052 } 1053 1054
Note: See TracChangeset
for help on using the changeset viewer.
