Using a linked list with counters for packet sniffing in C

Question

I've been reading online and watching demo vids on how to use linked lists in C, and have a somewhat basic understanding of them now. Apologies in advance as my experience of C is both rusty and limited.

I have an open source packet sniffer in C (sniffex.c via tcpdump.org) that I'd like to tinker with and make it more user friendly, by displaying statistics and so on.

After some research I've found that linked lists seem to be the way to go as I'll be dynamically taking data and forming 2 things from this - a small table of network traffic data and subsequent counters.

    As a rough example, it would look something like this:

| Source IP    Destination IP   Type   Count |
192.168.1.1    192.168.1.2      TCP    245
192.168.1.2    192.168.1.1      TCP    230
192.168.1.3    192.168.1.1      UDP    400

Rather than have sniffex throwing all of the packet data at the screen simultaneously (source IP, Destination IP, Traffic Type and port) I'd like it to do the following:

Make a dynamic record of source IP -> destination IP and attaching a counter monitoring how many times a packet has been sniffed. I guess I'd need to install some sort of logical loop to check the linked list that this entry already existed before the creation of another entry? If the source IP, Destination IP, port and traffic type already existed then it's a case of incrementing a 'packet counter' each time it is sniffed.

Am I right in thinking that I would need to create a struct which includes the attributes of the source IP, dest IP, traffic type first?

Apologies again if there is a lack of clarity. Any help, advice or links would be most useful to me and greatly appreciated.

Answer 1

You probably want a map instead of a linked list. Here one I found for C: http://uthash.sourceforge.net/

If you have c++ you can use std::map.