-
Notifications
You must be signed in to change notification settings - Fork 49
Parallel Libtrace HOWTO: First Packet Callback
In some packet analysis situations, it is necessary to initialise some variables based on the contents of the first packet. One obvious example would be if you wish to use relative timestamping based on the start of the trace. For this reason, processing threads can register a callback that will be triggered whenever the first packet has been read from an input trace. The callback function will be invoked by every processing thread and the trace_get_first_packet() function can be used to access the initial packet.
A first packet callback looks something like:
/* Just an example, your struct would probably have more fields */
struct process_tls {
double firstts;
}
static void first_packet(libtrace_t *trace, libtrace_thread_t *thread,
void *global, void *tls, libtrace_thread_t *sender) {
/* Remember that this has been created by the start callback */
struct process_tls *p = (struct process_tls *)tls;
libtrace_packet_t *packet;
/* Get access to the first packet. Setting the second argument to
* NULL means get the first packet seen by all threads. We can also
* set this to a specific thread if we only want the first packet
* for that thread.
*/
trace_get_first_packet(trace, NULL, &packet, NULL);
/* Grab the timestamp from our packet for our future relative
* timestamp arithmetic.
*/
p->firstts = trace_get_seconds(packet);
}
/* somewhere in main where we configure our callbacks */
trace_set_first_packet_cb(processing, first_packet);
The fourth argument to trace_get_first_packet() is a struct timeval **, which can be used to get the time when the first packet was read by libtrace (in real time, not trace time). It is an optional argument, hence we set it to NULL.
The next type of callback that we are going to discuss allows you to provide custom processing code for any meta-data records that are encountered within the input trace / stream. Move on to learn more about meta packet callbacks.