libnd_tcpdump 3 LIBNETDUDE Library libnd_tcpdump extern int libnet_tcpdump_print_timestamp; gboolean libnd_tcpdump_init (void); gboolean libnd_tcpdump_open (LND_Trace *trace); void libnd_tcpdump_send_header (LND_Trace *trace); void libnd_tcpdump_close (LND_Trace *trace); gboolean libnd_tcpdump_get_packet_line (const LND_Packet *packet, char *output, int output_len, gboolean find_context); void libnd_tcpdump_options_reset (void); void libnd_tcpdump_options_add (const char *option); libnet_tcpdump_print_timestampextern int libnet_tcpdump_print_timestamp; libnd_tcpdump_initgboolean libnd_tcpdump_init (void); This function initializes the communication system with tcpdump processes. Calling this is the job of the libnetdude bootstrapper, you do not need this function. Returns : TRUE if initialization was successful, FALSE otherwise. libnd_tcpdump_opengboolean libnd_tcpdump_open (LND_Trace *trace); The function forks a new tcpdump process and send the pcap file header, if available. The tcpdump options you desire can be set using libnd_tcpdump_options_reset() and libnd_tcpdump_options_add() before calling this function. The -l and -r options are always passed; -nnn, -N, -q, and -e are set depending on the values of the tcpdump_resolve, tcpdump_domains, tcpdump_quick, and tcpdump_print_link preferences settings in the LND_DOM_NETDUDE domain. You can call this function repeatedly to kill an existing tcpdump connection and create a new one. trace : trace to create tcpdump process for. Returns : TRUE if operation was successful, FALSE otherwise. libnd_tcpdump_send_headervoid libnd_tcpdump_send_header (LND_Trace *trace); If the trace's file header was not available at the time you opened the connection to tcpdump (using libnd_tcpdump_open()), you can use this function to now send it. NOTE: tcpdump expects the trace file header to be the first input data it receives, so you cannot use this function once you've sent packet data, and you cannot send packet data unless you've previously sent a trace file header. trace : trace whose header to send to the connected tcpdump process. libnd_tcpdump_closevoid libnd_tcpdump_close (LND_Trace *trace); The function kills trace's existing tcpdump connection, if any. trace : trace whose tcpdump connection to close. libnd_tcpdump_get_packet_linegboolean libnd_tcpdump_get_packet_line (const LND_Packet *packet, char *output, int output_len, gboolean find_context); The function sends packet's raw data to the connected tcpdump process and writes at most output_len bytes of the returned output into output. libnetdude can maintain state for TCP connections independently of tcpdump, so you can request contextual output (relative SYN and ACK numbers) using the find_context flag). packet : packet to retrieve tcpdump output of. output : string buffer that receives the tcpdump output. output_len : length of output. find_context : whether to look up context or not. Returns : TRUE on success, FALSE otherwise. libnd_tcpdump_options_resetvoid libnd_tcpdump_options_reset (void); The function resets any tcpdump options set using libnd_tcpdump_options_add(). libnd_tcpdump_options_addvoid libnd_tcpdump_options_add (const char *option); The function registers option as an additional command line option to pass to future forks of tcpdump processes. The flags you have requested can be reset to the default (see libnd_tcpdump_open()) using libnd_tcpdump_options_reset(). option : new command line option.