| |
NGREP-LIB(3) User Manuals NGREP-LIB(3)
NAME
ngrep-lib - network grep library
DESCRIPTION
The ngrep library is a front-end for accessing the Packet
Capture Library (libpcap) without going through the hassle
of programming the filters, making sure you pick the right
size for the header etc.
USAGE
Needed include-files are:
#include <pcap.h>
#include <ngrep-lib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip icmp.h>
#include <net/if arp.h>
#include <arpa/inet.h>
These are the functions to access the library:
void ngrep callback arp(void *my arp);
void ngrep callback ip(void *my ip);
void ngrep callback tcp(void *my tcp);
void ngrep callback udp(void *my udp);
void ngrep callback icmp(void *my icmp);
void ngrep callback process(void *my ip, void *my tcp,
void *my udp, void *my icmp);
This function initializes the callback functions for
ngrep. They can be NULL, in which case there is no call-
back. ngrep callback process is defined for historical
reasons.
void ngrep callback info(void *my info, void *my stats);
This function initializes the callback functions for info.
The first is actually the same first lines with the output
of ngrep, with the interface, filter, match and output
information. The second is the output at the end where you
get the amount of received and dropped packets.
void ngrep setfilter(char *bpffilter, char *matchexpres-
sion, char *options);
This function initializes the filter, the match expression
and the options. The parameters are the same as you use
them on the command line for ngrep. For example:
ngrep_setfilter("port 4000 or icmp",NULL,"-d tun0");
void ngrep run(void);
This function runs ngrep.
void ngrep main(char *bpffilter, char *match, char
*options);
This function is the same as calling ngrep_setfilter() and
ngrep_run();
CALLBACK FUNCTIONS
void my ip(struct ip *iphdr);
This callback function has one parameter: the IP header.
This one should be used as the first parameter with
ngrep callback process(). It will be called when an IP
packet has arrived during ngrep run().
void my tcp(struct ip *iphdr, struct tcphdr *tcphdr, char
*data,int len);
void my udp(struct ip *iphdr, struct udphdr *udphdr, char
*data,int len);
void my icmp(struct ip *iphdr, struct icmp *icmphdr, char
*data,int len);
void my arp(struct arphdr *arphdr);
These callback functions have four parameters: the IP
header, the TCP/UDP or ICMP header, the data and the size
of the data. These should be used as the second, third or
fourth parameter of ngrep callback process(). These will
be called when TCP, UDP or ICMP packets have arrived dur-
ing ngrep run().
void my info(char *interface, char *filter, char *match,
char *output);
This callback function is called during ngrep setfilter()
with information regarding the filters set by ngrep set-
filter().
void my stats(long received, long dropped);
This callback function is called after ngrep run() has
finished. It contains some statistical information.
See test-lib.c for how to use them.
LINKING
Use -lngrep -lpcap to link the executable.
OPTIONS
See the man-page of ngrep(8) for the syntax of the
options, match and bpffilter. The only option removed is
-q (quiet), that's now done via the info and stats call-
back function.
AUTHOR
ngrep written by Jordan Ritter .
ngrep-library written by Edwin Groothuis
.
REPORTING BUGS
Send bug reports to the author.
BUGS
At this moment, the maximum number of total spaces in the
parameters passed to ngrep_main() is 95.
The ARP callback function is only used for Ethernet net-
works.
SEE ALSO
pcap(3), ngrep(8)
Unix January 2002 NGREP-LIB(3)
|
|
|