7 /** \page sniffer Sniffer: A simple example application
9 \dontinclude Sniffer.cc
11 The Sniffer application is a simple command line network sniffer like \c tcpdump or \c
12 tethereal. The application uses a packet socket to read Ethernet packets from the \c eth0
13 interface and dumps the parsed packets out to the standard output.
15 To try out the example application, check out the library, go to the \c Sniffer
21 < Hit Ctrl-C when you've seen enough >
23 < Hit Ctrl-C when you've seen enough >
26 We will now look at the code which is found in \c Sniffer.cc in the \c Sniffer directory. The
27 code starts out by including the necessary headers
29 \skip // Custom includes
32 (The additional includes found in the source but not shown here are part of a short-time fix
33 which will be removed as soon as possible). The example application now contains a helper
34 routine to produce a packet hexdump. We will skip this routine here. The example includes two
35 implementations, one using blocking calls and a while loop, the other using the senf::Scheduler
36 for asynchronous event notification. They are implemented in \c loop_main() and \c
37 scheduler_main(). They will be documented below. For now, we skip these implementations and go
38 straight to the \c main() function
44 This routine simply interprets the first command line argument and dispatches to the required
47 Now lets go back and study each implementation in detail.
49 \dontinclude Sniffer.cc
51 \section example_loop A Blocking Implementation
53 This implementation is found in the \c loop_main function.
58 We catch all exceptions in a \c try block. This is good for a deliverable binary. When debugging
59 the application, it might be better to let the exception \c abort the execution so you can get a
60 backtrace of the exception origin in the debugger.
62 We now create a packet socket and bind it to the \c eth0 interface. A packet socket is a linux
63 specific type of socket which returns ethernet packets directly from the network wire. By
64 uncommenting the last line, you may switch the interface into promiscuous mode.
66 We will now read packets from the socket forever, that is until the user hits Ctrl-C
71 The next step is, to parse the data read from the socket as an Ethernet packet
75 Lets digest this line step by step: We declare a variable named \c packet as a smart pointer to
76 an \c EthernetPacket instance. \c ptr is a typedef member of all Packet classes for the
77 corresponding smart pointer type. We then initialize this pointer with a call to the static \c
78 create member of the \c Packet class. This member takes the type of Packet to parse as a
79 template argument. We pass \c EthernetPacket here. The function takes an iterator range as an
80 argument, and we pass it the complete packet just read by giving the range \c begin() to \c
81 end() of our just read \c data string.
83 The next step is to write out the packet to the standard output
87 The \c dump call will write out a complete representation of the parsed packet data. The Packet
88 library will \e not try to interpret payload data as long as no exact indication of the payload
89 type is available (example: A UDP Payload is not parsed further unless you explicitly tell the
90 library, how to parse it). Tools like \c tethereal guess the payload type by checking port
91 numbers and the payload data, however this is not advisable for a general purpose packet
94 The next line, \c hexdump, will write out the \e last packet component. Packets are managed as a
95 chain of headers. The last header is normally a \c DataPacket holding the payload data.
97 That's it. We finish of by catching the exception and giving as much detail as possible if an
104 The \c prettyName function from the \c Utils library is used, to get a nice, printable
105 representation of the \e dynamic type of the exception instance. It is an interface to the g++
106 demangler. This is necessary since the \c name member of the C++ \c type_info instance is a
107 mangled name in \c g++.
109 That's it for the simple blocking implementation.
111 \section example_scheduler Using the Scheduler
113 However, we have another one which uses the Scheduler. We do this as it will be most of the
114 time: We define a class which manages reading the packets and dumping them out.
118 The class constructor binds the socket defined as a data member to the correct interface.
122 The public \c run() member is called to run the sniffer. It first adds the socket to the
123 Scheduler. The \c add() call takes two Arguments, the socket to bind to (which can be a lot of
124 things and must not necessarily be a socket instance) and callback to call, whenever there is an
125 event on that socket. A third argument may be specified to restrict the events, on which the
126 function is called, here we have left out this argument which defaults to
127 senf::Scheduler::EV_ALL.
129 The callback is specified as a <a
130 href="http://www.boost.org/doc/html/function.html">Boost.Function</a> object. We use the \c
131 senf::membind helper from the Utils library to build such a function object. This helper takes
132 an arbitrary class member and binds it to a specific instance.
136 Calling the Schedulers \c process() method will start the event loop. This call does not return
137 (ok, it does return in special cases if \c senf::Scheduler::terminate() is called which does not
142 The \c dumpPacket() member is called by the scheduler whenever an event on the socket is
143 encountered. The scheduler always passes two arguments: The socket and an event id which
144 identifies the type of event which triggered the call.
148 The body is absolutely identical to the body of the \c while loop of the blocking
149 implementation. However, the scheduler guarantees, that a read on the socket will not block if
150 the socket is triggered to be readable (even if the socket is not set to non-blocking mode).
152 We now only need to provide the \c scheduler_main() function to run this code
157 This function is straight forward. The exception handling is the same as in \c loop_main(). The
158 code then just creates a \c Sniffer instance and calls it's \c run() member.
160 \see \ref components \n
162 <a href="../../Socket/doc/html/index.html"><b>libSocket API reference</b></a> \n
163 <a href="../../Packets/doc/html/index.html"><b>libPackets API reference</b></a> \n
164 <a href="../../Utils/doc/html/index.html"><b>libUtils API reference</b></a>
172 // c-file-style: "senf"
173 // indent-tabs-mode: nil
174 // ispell-local-dictionary: "american"