Varuna De Silva wrote: > 1. what is really meant by the callback routine, what does it do? How > should I write this function?where should this be written. please be kind > to guide me to starting place. my idea is that it is the higher layer sw > which makes use of libpcap.
Yes, the callback function is in the higher-layer software that uses libpcap/WinPcap. tcpdump, for example, has two callback functions that write raw packet data to a capture file and one callback function that dissects the packet and prints the dissection; other programs such as Wireshark/TShark, snort, etc. have their own callback functions. The callback function processes the packet data handed to it as the third argument, and the packet time stamp and length information in the structure passed to it as the second argument. If you're modifying libpcap to support a new type of capture, you don't write the callback function, you write code in the read_op routine to call the callback function; a pointer to the callback function is passed to the read_op routine. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.