This chapter describes Netdude's architecture. It is intended to give you a better understanding of what is going on under the hood, particularly if you consider extending Netdude by contributing a plugin.
Starting with the 0.4 release, Netdude's architecture has become much more modularized. There is now a clear separation of packet manipulation and GUI functionality. The following diagram illustrates this:
At the very bottom sits libpcap, as its functionality is of course used to understand trace files in general. It is rarely used directly; rather, is commonly used. It provides a thin wrapper around libpcap and introduces an API to allow trace file navigation (i.e., the ability to jump to arbitrary locations in the trace, specified using timestamps or fractional offsets). It is based on Vern Paxson's tcpslice tool and has been improved to be more robust, although it does take a little (normally unnoticeable) bit longer to synchronize with the packet stream at a new location in a trace.
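The trade-off between robustness and resynchronization time mentioned above can be seen in a small sketch. This is an added example, not code from Netdude or its libraries: it jumps to a fractional offset in a constructed classic pcap buffer and scans forward for record headers that look valid, optionally requiring several consecutive headers to agree. The function names, the native byte order, the 24-hour timestamp window and the sample trace (including the decoy header planted in one payload) are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { GHDR = 24, PHDR = 16, T0 = 1000000000, PAYLEN = 100 };
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
/* Record header: ts_sec, ts_usec (0 here), caplen, wirelen. */
static void put_hdr(uint8_t *p, uint32_t sec, uint32_t caplen) {
    wr32(p, sec); wr32(p + 4, 0); wr32(p + 8, caplen); wr32(p + 12, caplen);
}
/* Constructed sample: n zero-filled packets; packet 5's payload holds a decoy header. */
size_t build_trace(uint8_t *buf, int n) {
    uint16_t ver[2] = {2, 4};
    size_t len = GHDR + (size_t)n * (PHDR + PAYLEN);
    memset(buf, 0, len);
    wr32(buf, 0xa1b2c3d4); memcpy(buf + 4, ver, 4);   /* magic, version 2.4 */
    wr32(buf + 16, 65535); wr32(buf + 20, 1);          /* snaplen, linktype */
    for (int i = 0; i < n; i++)
        put_hdr(buf + GHDR + (size_t)i * (PHDR + PAYLEN), T0 + i, PAYLEN);
    put_hdr(buf + GHDR + 5 * (PHDR + PAYLEN) + PHDR + 10, T0 + 5, 20);  /* decoy */
    return len;
}
/* Does a sane-looking record header start at off? (24 h window is an assumption) */
static int plausible(const uint8_t *b, size_t len, size_t off, uint32_t snap, uint32_t t0) {
    if (off + PHDR > len) return 0;
    uint32_t sec = rd32(b + off), usec = rd32(b + off + 4);
    uint32_t cap = rd32(b + off + 8), wire = rd32(b + off + 12);
    return sec >= t0 && sec - t0 <= 86400 && usec < 1000000 &&
           cap > 0 && cap <= snap && wire >= cap && off + PHDR + cap <= len;
}
/* Jump to frac of the trace, then scan for `chain` consecutive valid headers
 * (fewer are accepted only when the chain ends exactly at the end of the trace). */
size_t resync(const uint8_t *b, size_t len, double frac, int chain) {
    uint32_t snap = rd32(b + 16), t0 = rd32(b + GHDR);
    for (size_t off = GHDR + (size_t)(frac * (double)(len - GHDR)); off + PHDR <= len; off++) {
        size_t o = off; int ok = 0;
        while (ok < chain && o < len && plausible(b, len, o, snap, t0)) {
            o += PHDR + rd32(b + o + 8); ok++;
        }
        if (ok == chain || (ok > 0 && o == len)) return off;
    }
    return (size_t)-1;
}
size_t demo(int chain) {   /* build the sample, jump to 51 %, resync */
    static uint8_t buf[2048];
    return resync(buf, build_trace(buf, 10), 0.51, chain);
}
int main(void) {
    printf("chain=1 -> %zu, chain=3 -> %zu\n", demo(1), demo(3));
    return 0;
}
```

With a single-header check the scan locks onto the decoy inside a payload; requiring three consecutive headers costs extra reads but lands on the next real record boundary.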
The next layer is the heart of the system: the packet manipulation component. libnetdude provides data structures and APIs to create and manipulate arbitrarily large traces, packets, trace parts, trace navigation, protocols, tcpdump output, and packet filters. Individual protocol support is provided through plugins, implemented as dynamically loaded shared libraries. These plugins serve the purpose of structuring raw packet data. libnetdude initializes packets as much as the installed protocol plugins allow, augmenting each packet with information about the nesting structure of the protocols contained in the packet's raw data. This makes it easy to obtain, say, the TCP headers of a packet. libnetdude also provides the infrastructure for feature plugins; those are plugins that encapsulate arbitrary packet manipulation modules and make them accessible to other developers through a common interface. libnetdude can also associate open trace files with a tcpdump process that can be used to obtain tcpdump output for individual packets. Please refer to libnetdude's documentation for more details.
Finally, the Netdude application is primarily a GUI front end to libnetdude such as packet insertions & deletions, packet filtering, filter installation, saving a trace to disk, etc. are passed up to Netdude using an observer/observee pattern — Netdude registers observers with libnetdude that pass packet and trace events up to the front end. Netdude also libnetdude's plugin system at the GUI level: developers can contribute GUI feature and protocol plugins that provide dialogs to access external code and display protocol data, respectively.