大概了解了一下PCAP的基本源码结构,以及关键函数调用,主要是想弄清楚pcap是怎么实现抓“any”的数据的。看了代码后其实很简单:指定网卡时创建的socket是SOCK_RAW;设备名为“any”(即不绑定具体网卡)时创建的是SOCK_DGRAM,此时内核会去掉链路层头部,libpcap以“cooked”模式(DLT_LINUX_SLL)交付数据包,因此抓到的数据里没有原始的以太网头。
//创建一个pcap结构
pcap_t *pcap_create(const char *device, char *errbuf)
|
|__> p = pcap_create_interface(device_str, errbuf); p->opt.device = device_str;
|
|____> pcap_t *handle;
handle = pcap_create_common(ebuf, sizeof (struct pcap_linux));
handle->activate_op = pcap_activate_linux;
handle->can_set_rfmon_op = pcap_can_set_rfmon_linux;
return handle;
//激活pcap结构,主要包含:
//1.将一些回调函数注册到pcap结构中
//2.创建socket(PF_PACKET套接字需要root或CAP_NET_RAW权限,否则socket()会失败)
int pcap_activate(pcap_t *p);
|
|__> status = p->activate_op(p);
|
|__> handle->inject_op = pcap_inject_linux;
handle->setfilter_op = pcap_setfilter_linux;
handle->setdirection_op = pcap_setdirection_linux;
handle->set_datalink_op = pcap_set_datalink_linux;
handle->getnonblock_op = pcap_getnonblock_fd;
handle->setnonblock_op = pcap_setnonblock_fd;
handle->cleanup_op = pcap_cleanup_linux;
handle->read_op = pcap_read_linux;
handle->stats_op = pcap_stats_linux;
………………
ret = activate_new(handle);
|
|__>sock_fd = is_any_device ?
socket(PF_PACKET, SOCK_DGRAM, protocol) :
socket(PF_PACKET, SOCK_RAW, protocol);
handle->fd = sock_fd;
//接收捕获的数据,并调用回调函数处理接收的数据
//注意:recvfrom带MSG_TRUNC时,返回值是数据包的真实长度,可能大于传入的缓冲区大小;
//回调函数访问数据时应以pcap头中的caplen为界,而不是len
int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
|__> n = p->read_op(p, cnt, callback, user);
|
|__> pcap_read_packet(handle, callback, user);
|
|__> packet_len = recvfrom(handle->fd, bp + offset, handle->bufsize - offset, MSG_TRUNC,(struct sockaddr *) &from, &fromlen);
handlep->packets_read++;
/* Call the user supplied callback function */
callback(userdata, &pcap_header, bp);