Packet Capture

SDK applications can capture network traffic using the UNIX libpcap packet capture library.

Libpcap uses the Berkeley Packet Filter (BPF) kernel module. For details about this library see the FreeBSD libpcap documentation.

The libpcap functions are declared in the bsd/contrib/libpcap/pcap.h file in your backing sandbox.

Using libpcap with the Junos SDK

Applications call pcap_open_live() to get a packet capture descriptor that allows them to see packets on the network device driver. For this purpose, pcap_open_live() needs to open a file known as the pcap device, /dev/bpfN (where N is an integer). In the Junos system, only the superuser can read or write to the pcap device.

Accordingly, before you can use libpcap on the Routing Engine, you must have defined the special roles Provider_BPF_Capture_Daemon or Provider_BPF_Capture_Application in your application manifest (for details about defining roles and writing the manifest, see Writing the Manifest and Specifying Roles). These roles allow nonroot-owned RE SDK applications to open the pcap device.

Limitations of libpcap Support

The following limitations apply for SDK support of libpcap:


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:47 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5