On November 19, 2008 20:08, in comp.os.linux.networking,
(E-Mail Removed) ((E-Mail Removed)) wrote:
> On Nov 19, 9:53 pm, Maxwell Lol <nos...@com.invalid> wrote:
>> "lancer6...@yahoo.com" <lancer6...@yahoo.com> writes:
>> > Hi all,
>> > I'm writing a program using libpcap, and I have multiple pcap files in
>> > a folder that I want to capture.
>>
>> > I currently have
>>
>> > handle = pcap_open_offline("/data/traffic/pcap1.pcap", errbuf);
>>
>> > which works fine since pcap_open_offline() takes in a filename.
>> > However, I want to process multiple pcap files from the directory
>> > /data/traffic/ at once. Is there a way to do that?
>>
>> Sure. But it might help if you mention the language you are programming
>> in. Do you need to read these files simultaneously or sequentially? Is
>> there a real-time need?
>>
>> Can you write a program that parses arguments?
>> Normally people would write a program that reads filenames from the
>> command line, i.e.
>>
>> myprogram /data/traffic/*.pcap
>>
>> Is this acceptable?
>
> I'm programming in C. The files can be read sequentially. There is no
> real-time need.
>
> I can write a program that parses arguments, but I am now using the
> function glob which I believe would achieve the same results.
Hmmmm.... To each his own.
I'd find it easier to loop through multiple argv[] entries than I would to
(a) force the end user to single-quote the pathname so that the program
could run its own glob() call, and (b) loop through all the results of the
glob() call. But, you may be different.
> The glob function gives me the filenames of all the files in the
> directory, but I still have trouble getting pcap_open_offline to read
> from all the pcap files.
>
> I now have
>
> glob_t globbuf;
> glob("/data/traffic/*.pcap", GLOB_ERR, NULL, &globbuf);
> handle = pcap_open_offline(*(globbuf.gl_pathv), errbuf);
glob() returns a list of matching paths in gl_pathv, and a count of the
number of matching paths in gl_pathc (see the glob(3) manpage).
So, your code would really be...

    glob_t globbuf;
    size_t i;

    if (glob("/data/traffic/*.pcap", GLOB_ERR, NULL, &globbuf) == 0)
    { /* glob() didn't encounter any errors */
      /* loop through all the matched paths by index; gl_pathc and */
      /* gl_pathv stay unmodified so that globfree() can release them */
      for (i = 0; i < globbuf.gl_pathc; i++)
      { /* process one matched path */
        handle = pcap_open_offline(globbuf.gl_pathv[i], errbuf);
        if (handle == NULL)
          continue; /* open failed; errbuf holds the reason */
        /* rest of the pcap_ processing goes here */
      }
      globfree(&globbuf);
    }

> However, pcap_open_offline would only process the first pcap file in
> the globbuf.gl_pathv list.
Of course. pcap_open_offline knows nothing of the glob() list. It expects
only one path, not a list of paths.
> How do I get pcap_open_offline to process all files in the directory?
See my example above.
> Or do I need to use another function?
Not really. Just use what glob() gives you.
You really want to read (and understand) glob(3) ("man 3 glob")
> If I were to use an array of "handle", one for each pcap file, how do
> I make sure pcap_loop will process each handle?
From the looks of the documentation (see pcap(3)), pcap_loop() loops through
the data in one (and only one) pcap_t * (that which you call 'handle'). You
make sure that pcap_loop() processes each handle by having pcap_loop()
process each handle. That is to say, all in all, your glob/pcap logic
should look something like

    glob_t globbuf;
    size_t i;

    if (glob("/data/traffic/*.pcap", GLOB_ERR, NULL, &globbuf) == 0)
    { /* glob() didn't encounter any errors */
      /* loop through all the matched paths by index; gl_pathc and */
      /* gl_pathv stay unmodified so that globfree() can release them */
      for (i = 0; i < globbuf.gl_pathc; i++)
      { /* process one matched path */
        handle = pcap_open_offline(globbuf.gl_pathv[i], errbuf);
        if (handle == NULL)
          continue; /* open failed; errbuf holds the reason */
        while (pcap_loop(handle,...) > 0)
        {
          /* all the work is done by pcap_loop() */
          /* so this can be a dummy statement */
        }
        pcap_close(handle);
      }
      globfree(&globbuf);
    }

(Bear in mind that I've not written any pcap* code before, and am going just
by the manpage. The actual logic will probably be a lot more complex than
that.)
HTH
--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
http://pitcher.digitalfreehold.ca/ | GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------
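
The glob() loop discussed in this post as a complete C function, added here as an example and not code from the original thread. So that it builds without libpcap, it swaps pcap_open_offline()/pcap_loop()/pcap_close() for a small stdio reader that only accepts classic pcap files in host byte order; count_packets() and count_all() are names made up for this example.

```c
#include <glob.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC 0xa1b2c3d4u /* classic pcap magic, host byte order */

/* Stand-in for pcap_open_offline() + pcap_loop() + pcap_close() (assumption
   of this example): packets in one savefile, or -1 if it is not usable. */
static long count_packets(const char *path)
{
    uint32_t hdr[6], rec[4]; /* 24-byte file header, 16-byte record header */
    long n = -1, size;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return -1;
    fseek(fp, 0, SEEK_END);
    size = ftell(fp);
    rewind(fp);
    if (fread(hdr, sizeof hdr, 1, fp) == 1 && hdr[0] == PCAP_MAGIC)
        for (n = 0; fread(rec, sizeof rec, 1, fp) == 1; n++) {
            /* rec[2] = captured length; stop if it exceeds the snaplen
               (hdr[4]) or the bytes left in the file (truncated capture) */
            if (rec[2] > hdr[4] || rec[2] > (unsigned long)(size - ftell(fp)))
                break;
            fseek(fp, (long)rec[2], SEEK_CUR);
        }
    fclose(fp);
    return n;
}

/* Total packets over every file matching pattern; *bad counts files that
   were skipped. Returns -1 only when glob() itself fails. */
long count_all(const char *pattern, int *bad)
{
    glob_t g;
    long n, total = 0;
    size_t i;
    int rc = glob(pattern, GLOB_ERR, NULL, &g);
    *bad = 0;
    /* index gl_pathv: globfree() needs gl_pathv and gl_pathc unmodified */
    for (i = 0; rc == 0 && i < g.gl_pathc; i++) {
        if ((n = count_packets(g.gl_pathv[i])) < 0)
            (*bad)++;
        else
            total += n;
    }
    globfree(&g);
    return (rc == 0 || rc == GLOB_NOMATCH) ? total : -1;
}
```

A file that fails the header check is counted in *bad and skipped, so one unreadable capture in the directory does not stop the rest from being processed.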