Versions Compared

Version Old Version 1 New Version 2
Changes made by

Dmitry Ter-Ovanesyan

Dmitry Ter-Ovanesyan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Capture Point. This is defined as one of IP network interfaces available on the host machine PLUS the IP version of packets that we want to capture (IPv4 or IPv6). So, for every NIC installed there can be 2 capture points configured - one for IPv4, and one for IPv6. Capture Point concept is defined simply because the underlying capture technologies require to choose one adapter AND one IP version to setup the packet capture. There will be various ways to identify a Capture Point. The simplest way to point to a particular capture point is to provide a IP address string. Btcap will then understand whether it is IPv4 or IPv6, and then identify the network interface that has the specified IP address. If none of the local IP interfaces have the specified address, then an attempt to start capture will fail. 
  • Capture Session. This describes the process of capturing network traffic from a single Capture Point. An executable using btcap library may start multiple capture sessions if necessary. With appropriate configuration, some or all of them can capture from the same Capture Point. 
  • Capture Session Config. This term describes the set of parameters that defines the session. It is primarily defined as a C structure BTCAP_SessionConfig. That structure can be initialized in the code or loaded from a config file. That adds flexibility to the solution. If the code utilizing btcap library is a standalone command line program, it is comfortable to load session config from the file. On the other hand, if that code is part of a bigger system such as SR140 server, it is perhaps easier to fill the config structure from the code. The In the config file structure is similar to Brooktrout call control config file. Each , each line follows name=value pattern.

Note: it is possible to extend the above config file format to have multiple sessions configured in one file. Config file could have sections named like this: [wlan0-v6], [eth0-v4], and so on. Each section would hold one session config. Reading such config file would have started all the sessions. Do we need this? Or is it too complicated? 

Basic API

With the terms defined above, the exposed API is very simple. The API is the same for Windows and Linux. There are only a few C-style entry points exported from the library. 

...

Here is the basic sequence of operations utilizing the btcap library (in pseudo-code). 

---

// Load library and obtain exported entry point pointers by names. If load failed, exit.  

// Config file path for this session

const char* configFilePath = ".\btcap.cfg";

// Allocate config structure

BTCAP_SessionConfig cfg = {};

// Optional: Initialize config structure from a config file path obtained/declared earlier. (Alternatively, just initialize all fields from the code).

btcap_read_config(configFilePath, &cfg);

// Start capture session

int sessionID = 0;

btcap_start(&cfg, &sessionID);

// Session started in separate thread. Do other stuff...

// Later stop the capture session

btcap_stop(sessionID);

// Unload the library

-----

Higher level API - BTCapHelper

...

-----

#include "../include/btcap-helper.h"

#ifdef WIN32
const char* libraryPath = "./btcap.dll";
#else
const char* libraryPath = "./btcap.so";
#endif

int main(int argc, char* argv[])
{
    // TODO: pass this as a command line argument.
    const char* btcapConfigPath = "./btcap.cfg";

    printf("Checking if BTCap is available...\n");
    bool ok = BTCap_isAvailable(libraryPath);
    if (!ok)
    {
        printf(" BTCap is NOT available. Exiting.\n");
        return 10;
    }

    printf(" BTCap is available.\n");

    int rc;

    BTCapHelper* btcap = BTCap_GetHelper(libraryPath);

    BTCAP_SessionConfig btcapConfig = {0};

    printf("Reading btcap session config file (%s) ...\n", btcapConfigPath);

    rc = btcap->ReadConfig(btcapConfigPath, &btcapConfig);

    printf("Starting btcap session...\n");

    rc = btcap->Start(&btcapConfig);

#ifdef WIN32
    SetConsoleCtrlHandler(console_ctrl_handler, TRUE);
#else
    signal(SIGINT, sig_handler);
    signal(SIGHUP, sig_handler);
    signal(SIGSTOP, sig_handler);
    signal(SIGKILL, sig_handler);
    signal(SIGTERM, sig_handler);
#endif

    printf("Running btcap session...\n");

    while (!g_exit)
    {
        // Do other stuff
        Sleep(1000);
    }

    printf("Stopping btcap session...\n");

    btcap->Stop();

    delete btcap;

    printf("Exiting...\n");

    return 0;
}

----

...