How netpack started
Since I was using Freesco (and the Kernel it provides, 2.0.x, doesn't support per-byte interface statistics), I started using iptotal. It provided nice output, using CGI and rrdtool (a database supporting round-robin data). You can see those graphs on the following link (if my own freesco-box is down by some reason)
Quickly I started to enjoy the way iptotal was able to get the octets the Kernel processed, even without direct Kernel support. I learned about libpcap, and suddenly started to enjoy immensely all the things we could do by using this magic library. Nothing magic, really: it was just using the Kernel Netlink capabilities (a Netlink socket is a special IPC used for transferring information between kernel and user-space processes; comprehensive details at the Linux Journal; an interesting generic idea is also published at Wikipedia). pcap stands for Packet Capture library, and it has a quite generic implementation of a packet sniffer and filter, the latter also known as net/bpf, or just BPF. I put BPF aside, since I was not interested in filtering packets at the Kernel level. That would be too much for my knowledge and out of scope.
I became really interested in the ways I could sniff data through my own network: that way I could better control the trojans and parasites around -- since wasting money to buy an anti-virus was out of the question.
So I learned the basic hooks necessary to bring pcap alive: I was amazed by the knowledge required to do such a task. Tricks and adjustments, just to capture a bunch of packets from the Kernel!... [sigh] I thought the best would be to wrap this knowledge in a simple and straightforward interface -- this and a new library (called gpcap) was one step.
The library interfaced libpcap in a simple way for any end-programmer: and I chose C++, to provide an adjusted encapsulation. From gpcap to a small program (called gPackCount) to test it was another step. The README contained the following paragraphs:
    There is currently limited functionality provided by *gpackcount*
    because this was my start application for testing *gpcap*
    ...
    It uses mainly pcap and gpcap libraries. pcap is GPL (not my own
    product), and gpcap is a wrapper for easing the implemented pcap
    interfaces. pcap is out of scope in this document, but the basic
    idea is to capture packets using either the Kernel CONFIG_PACKET
    (PF_PACKET Kernel >=2.2), or attach an interface in promiscuous
    mode (Kernel <2.2).
gPackCount then grew to comprise more and more services, and includes a self-contained rDNS-cache (with a proprietary caching algorithm). Currently (as of version 0.8) gPackCount has 4932 lines of code, plus three basic libraries:
- libgobj (the basic object handling; lists, etc)
- libgobjeio (for the extended generic I/O services)
- libgpcap (pcap eased interface)
Around this utility, the 'NetPack' package was formed as a set of useful services, explained shortly below.
NetPack is a package of the following functionality:
* libgpcap (wrapped pcap functionality, using also libgobj)
  DIR: ../.../gprog/gsrc/gpcap
* Autonomous System (AS) tables builder: one .asg and many .ast tables
  DIR: gAstCompile
* Packet counter utility
  Shows IP packet structure, moreover shows TCP details.
  This suits also testing of libgpcap
  DIR: gPackCount

2 comments:
The Debian package of iptotal is available at:
http://packages.qa.debian.org/i/iptotal.html
"... if my own freesco-box is down by some reason" => refer to http://faztek.org/~henrique/iptotal/archive/2006-01-15.png