NGREP-LIB(3)                  User Manuals                  NGREP-LIB(3)

NAME
       ngrep-lib - network grep library

DESCRIPTION
       The ngrep library is a front-end for accessing the Packet Capture
       Library (libpcap) without going through the hassle of programming
       the filters, making sure you pick the right size for the header
       etc.

USAGE
       Needed include-files are:

       #include
       #include
       #include
       #include
       #include
       #include
       #include
       #include
       #include
       #include
       #include
       #include

       These are the functions to access the library:

       void ngrep_callback_arp(void *my_arp);
       void ngrep_callback_ip(void *my_ip);
       void ngrep_callback_tcp(void *my_tcp);
       void ngrep_callback_udp(void *my_udp);
       void ngrep_callback_icmp(void *my_icmp);
       void ngrep_callback_process(void *my_ip, void *my_tcp,
                                   void *my_udp, void *my_icmp);

       This function initializes the callback functions for ngrep. They
       can be NULL, in which case there is no callback.
       ngrep_callback_process is defined for historical reasons.

       void ngrep_callback_info(void *my_info, void *my_stats);

       This function initializes the callback functions for info. The
       first is actually the same first lines with the output of ngrep,
       with the interface, filter, match and output information. The
       second is the output at the end where you get the amount of
       received and dropped packets.

       void ngrep_setfilter(char *bpffilter, char *matchexpression,
                            char *options);

       This function initializes the filter, the match expression and
       the options. The parameters are the same as you use them on the
       command line for ngrep. For example:

       ngrep_setfilter("port 4000 or icmp",NULL,"-d tun0");

       void ngrep_run(void);

       This function runs ngrep.

       void ngrep_main(char *bpffilter, char *match, char *options);

       This function is the same as calling ngrep_setfilter() and
       ngrep_run();

CALLBACK FUNCTIONS
       void my_ip(struct ip *iphdr);

       This callback function has one parameter: the IP header. This
       one should be used as the first parameter with
       ngrep_callback_process(). It will be called when an IP packet
       has arrived during ngrep_run().

       void my_tcp(struct ip *iphdr, struct tcphdr *tcphdr,
                   char *data,int len);
       void my_udp(struct ip *iphdr, struct udphdr *udphdr,
                   char *data,int len);
       void my_icmp(struct ip *iphdr, struct icmp *icmphdr,
                    char *data,int len);
       void my_arp(struct arphdr *arphdr);

       These callback functions have four parameters: the IP header,
       the TCP/UDP or ICMP header, the data and the size of the data.
       These should be used as the second, third or fourth parameter of
       ngrep_callback_process(). These will be called when TCP, UDP or
       ICMP packets have arrived during ngrep_run().

       void my_info(char *interface, char *filter, char *match,
                    char *output);

       This callback function is called during ngrep_setfilter() with
       information regarding the filters set by ngrep_setfilter().

       void my_stats(long received, long dropped);

       This callback function is called after ngrep_run() has finished.
       It contains some statistical information.

       See test-lib.c for how to use them.

LINKING
       Use -lngrep -lpcap to link the executable.

OPTIONS
       See the man-page of ngrep(8) for the syntax of the options,
       match and bpffilter. The only option removed is -q (quiet),
       that's now done via the info and stats callback function.

AUTHOR
       ngrep written by Jordan Ritter.
       ngrep-library written by Edwin Groothuis.

REPORTING BUGS
       Send bug reports to the author.

BUGS
       At this moment, the maximum number of total spaces in the
       parameters passed to ngrep_main() is 95.

       The ARP callback function is only used for Ethernet networks.

SEE ALSO
       pcap(3), ngrep(8)

Unix                          January 2002                  NGREP-LIB(3)

$Id: ngrep-lib-man.php,v 1.1 2002/01/26 01:48:22 mavetju Exp $