Obtain filenames from a directory (Pcap program)

Discussion in 'Linux Networking' started by lancer6238, Nov 19, 2008.

  1. lancer6238

    lancer6238 Guest

    Hi all,
    I'm writing a program using libpcap, and I have multiple pcap files in
    a folder that I want to capture.

    I currently have

    handle = pcap_open_offline("/data/traffic/pcap1.pcap", errbuf");

    which works fine since pcap_open_offline() takes in a filename.
    However, I want to process multiple pcap files from the directory /
    data/traffic/ at once. Is there a way to do that?

    Thank you.

    Regards,
    Rayne
     
    lancer6238, Nov 19, 2008
    #1
    1. Advertisements

  2. lancer6238

    lancer6238 Guest

    I'm programming in C. The files can be read squentially. There is no
    real-time need.

    I can write a program that parses arguments, but I am now using the
    function glob which I believe would achieve the same results.

    The glob function gives me the filenames of all the files in the
    directory, but I still have trouble getting pcap_open_offline to read
    from all the pcap files.

    I now have

    glob_t globbuf;
    glob("/data/traffic/*.pcap", GLOB_ERR, NULL, &globbuf);
    handle = pcap_open_offline(*(globbuf.gl_pathv), errbuf);

    However, pcap_open_offline would only process the first pcap file in
    the globbuf.gl_pathv list. How do I get pcap_open_offline to process
    all files in the directory? Or do I need to use another function?

    If I were to use an array of "handle", one for each pcap file, how do
    I make sure pcap_loop will process each handle?

    Thank you.
     
    lancer6238, Nov 20, 2008
    #2
    1. Advertisements

  3. lancer6238

    lancer6238 Guest

    I just figured out that I just have to loop pcap_loop as many times as
    the number of files/handle I have to process each file.

    Thank you for your help!
     
    lancer6238, Nov 20, 2008
    #3
  4. lancer6238

    Lew Pitcher Guest

    On November 19, 2008 20:08, in comp.os.linux.networking,
    Hmmmm.... To each his own.
    I'd find it easier to loop through multiple argv[] entries than I would to
    (a) force the end user to single-quote the pathname so that the program
    could run its own glob() call, and (b) loop through all the results of the
    glob() call. But, you may be different.
    glob() returns a list of matching paths in gl_pathv, and a count of the
    number of matching paths in gl_pathc (see the glob(3) manpage)

    So, your code would really be...

    glob_t globbuf;

    if (glob("/data/traffic/*.pcap", GLOB_ERR, NULL, &globbuf) == 0)
    { /* glob() didnt encounter any errors */

    /* loop through all the matched paths */
    while (globbuf.gl_pathc-- > 0)
    { /* process one matched path */

    /* use the path, advance to the next in the list */
    handle = pcap_open_offline(*(globbuf.gl_pathv++), errbuf);

    /* rest of the pcap_ processing goes here */

    }
    globfree(&globbuf);
    }



    Of course. pcap_open_offline knows nothing of the glob() list. It expects
    only one path, not a list of paths.
    See my example above
    Not really. Just use what glob() gives you.
    You really want to read (and understand) glob(3) ("man 3 glob")
    From the looks of the documentation (see pcap(3)), pcap_loop() loops through
    the data in one (and only one) pcap_t * (that which you call 'handle'). You
    make sure that pcap_loop() processes each handle by having pcap_loop()
    process each handle. That is to say, all in all, your glob/pcap logic
    should look something like

    glob_t globbuf;

    if (glob("/data/traffic/*.pcap", GLOB_ERR, NULL, &globbuf) == 0)
    { /* glob() didnt encounter any errors */

    /* loop through all the matched paths */
    while (globbuf.gl_pathc-- > 0)
    { /* process one matched path */

    /* use the path, advance to the next in the list */
    handle = pcap_open_offline(*(globbuf.gl_pathv++), errbuf);
    while (pcap_loop(handle,...) > 0)
    {
    /* all the work is done by pcap_loop() */
    /* so this can be a dummy statement */
    }
    pcap_close(handle);
    }
    globfree(&globbuf);
    }

    (Bear in mind that I've not written any pcap* code before, and am going just
    by the manpage. The actual logic will probably be a lot more complex than
    that)

    HTH
    --
    Lew Pitcher

    Master Codewright & JOAT-in-training | Registered Linux User #112576
    http://pitcher.digitalfreehold.ca/ | GPG public key available by request
    ---------- Slackware - Because I know what I'm doing. ------
     
    Lew Pitcher, Nov 20, 2008
    #4
  5. lancer6238

    Chris Davies Guest

    You're thinking too much like DOS. Your program doesn't need to expand
    the list of arguments - the shell will do that for you:

    your_program *.whatever

    This will give you all the files ending with ".whatever" and you can
    iterate across main()'s argv[].

    Chris
     
    Chris Davies, Nov 21, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.