Skip to content

ToDump

Jump to bottom Edit New page
Tom Barbette edited this page May 7, 2020 · 3 revisions

ToDump Element Documentation

NAME

ToDump — Click element; writes packets to a tcpdump file

SYNOPSIS

ToDump(FILENAME [, keywords SNAPLEN, ENCAP, USE_ENCAP_FROM, EXTRA_LENGTH, NANO])

Batching: Batching natively supported
Ports: 1 input, at most 1 output
Processing: agnostic
Drivers: userlevel, ns

DESCRIPTION

Writes incoming packets to FILENAME in `tcpdump -w' format. This file can be read by `tcpdump -r', or by FromDump on a later run. FILENAME can be `-', in which case ToDump writes to the standard output.

Writes at most SNAPLEN bytes of each packet to the file. The default SNAPLEN is 2000. If SNAPLEN is 0, the whole packet will be written to the file. ENCAP specifies the first header each packet is expected to have. This information is stored in the file header, and must be correct or tcpdump won't be able to read the file correctly. It can be ETHER (Ethernet encapsulation), IP (raw IP packets), FDDI, ATM, 802_11, SLL, AIRONET, HDLC, PPP_HDLC, PPP, SUNATM, PRISM, or NULL; the default is ETHER.

ToDump may have zero or one output. If it has an output, then it emits all received packets on that output. ToDump will schedule itself on the task list if it is used as a pull element with no outputs.

Keyword arguments are:

  • SNAPLEN — Integer. See above.
  • ENCAP — The encapsulation type to store in the dump. See above.
  • USE_ENCAP_FROM — Argument is a space-separated list of element names. At initialization time, ToDump will check these elements' `encap' handlers, and parse them as ENCAP arguments. If all the handlers agree, ToDump will use that encapsulation type; otherwise, it will report an error. You can specify at most one of ENCAP and USE_ENCAP_FROM. FromDump and FromDevice.u have `encap' handlers.
  • EXTRA_LENGTH — Boolean. Set to true if you want ToDump to store any extra length as recorded in packets' extra length annotations. Default is true.
  • UNBUFFERED — Boolean. Set to true if you want ToDump to use unbuffered IO when saving data to a file. This is unlikely to work with compressed dump formats. Default is false.
  • NANO — Boolean. Set to true to write nanosecond-precision timestamps. Default depends on the version of tcpdump/pcap on the machine.
  • FORCE_TS — Boolean. Set to true to force writing a "zero" timestamp. This may be useful to write trace with offests relative to the first packet, that will be zero. Defaults to False for backward compatibility.

This element is only available at user level.

NOTES

ToDump stores packets' true length annotations when available.

ELEMENT HANDLERS

  • count (read-only) — Returns the number of packets emitted so far.
  • reset_counts (write-only) — Resets "count" to 0.
  • filename (read-only) — Returns the filename.

SEE ALSO

FromDump, FromDevice.u, ToDevice.u, tcpdump

Generated by click-elem2man from ../elements/userlevel/todump.hh:12 on 2020/05/07.

Add a custom footer
Clone this wiki locally