Component index
Section index

Component tcpdump


Search

	/*
	    Here we show how to discard some session and how to handle
	    already started sessions.
	
	    To test, we use the sample_client and sample_server twice.
	*/
	<mod>
	static void sample_discard(const char *device,const char *filter)
	{
	    <call tcpdump>(device,filter);
	    <f newsession>
	        if (session.dport == 8000){
	            printf ("newsession: %08x:%u -> %08x:%u\n"
	                ,session.saddr,session.sport
	                ,session.daddr,session.dport);
	        }else if (session.sport == 8000){
	            printf ("newsession: %08x:%u -> %08x:%u\n"
	                ,session.daddr,session.dport
	                ,session.saddr,session.sport);
	            reverse = true;
	        }else{
	            discard = true;
	        }
	    </f>
	    <f endsession>
	        printf ("endsession: %08x:%u -> %08x:%u (%s)\n"
	            ,session.saddr,session.sport
	            ,session.daddr,session.dport
	            ,clientending ? "Client ended" : "Server ended");
	    </f>
	    <f packet>
	        printf ("packet: %08x:%u %s %08x:%u\n\t[rec %u/%Lu/%ld.%ld (%lu) snd %u/%Lu/%ld.%ld (%lu)]\n"
	            ,session.saddr,session.sport
	            ,from ? "<-" : "->"
	            ,session.daddr,session.dport
	            ,stats.from.nbpk,stats.from.size
	            ,stats.from.stamp.tv_sec,stats.from.stamp.tv_usec
	            ,stats.from.seq
	            ,stats.to.nbpk,stats.to.size
	            ,stats.to.stamp.tv_sec,stats.to.stamp.tv_usec
	            ,stats.to.seq);
	    </f>
	    </call>
	}
	</mod>