设置用户缓冲区:pcap_setuserbuffer源码如下:
int
pcap_setuserbuffer(pcap_t *p, int size)
{
unsigned char *new_buff;
if (!p->adapter) {
sprintf(p->errbuf,"Impossible to set user buffer while reading from a file or on a TurboCap port");
return -1;
}
if (size<=0) {
/* Bogus parameter */
sprintf(p->errbuf,"Error: invalid size %d",size);
return -1;
}
/* Allocate the buffer */
new_buff=(unsigned char*)malloc(sizeof(char)*size); //分配用户缓冲区的size
if (!new_buff) {
sprintf(p->errbuf,"Error: not enough memory");
return -1;
}
free(p->buffer);
p->buffer=new_buff; //保存用户缓冲区的地址
p->bufsize=size; //保存用户缓冲区的size
/* Associate the buffer with the capture packet */
PacketInitPacket(p->Packet,(BYTE*)p->buffer,p->bufsize);
return 0;
}
PacketInitPacket为初始化p->packet结构,函数源码如下:
/*!
\brief Initializes a _PACKET structure.
\param lpPacket The structure to initialize.
\param Buffer A pointer to a user-allocated buffer that will contain the captured data.
\param Length the length of the buffer. This is the maximum buffer size that will be
transferred from the driver to the application using a single read.
\note the size of the buffer associated with the PACKET structure is a parameter that can sensibly
influence the performance of the capture process, since this buffer will contain the packets received
from the the driver. The driver is able to return several packets using a single read call
(see the PacketReceivePacket() function for details), and the number of packets transferable to the
application in a call is limited only by the size of the buffer associated with the PACKET structure
passed to PacketReceivePacket(). Therefore setting a big buffer with PacketInitPacket can noticeably
decrease the number of system calls, reducing the impcat of the capture process on the processor.
*/
VOID PacketInitPacket(LPPACKET lpPacket,PVOID Buffer,UINT Length)
{
TRACE_ENTER("PacketInitPacket");
lpPacket->Buffer = Buffer;
lpPacket->Length = Length;
lpPacket->ulBytesReceived = 0; //初始化lpPacket结构
lpPacket->bIoComplete = FALSE;
TRACE_EXIT("PacketInitPacket");
}
p->packet结构在pcap_read_win32_npf里面使用,用来接收数据包。
static int
pcap_read_win32_npf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
int cc;
int n = 0;
register u_char *bp, *ep;
#ifdef HAVE_REMOTE
static int samp_npkt; // parameter needed for sampling, with '1 out of N' method has been requested
static struct timeval samp_time; // parameter needed for sampling, with '1 every N ms' method has been requested
#endif /* HAVE_REMOTE */
cc = p->cc;
if (p->cc == 0) {
/*
* Has "pcap_breakloop()" been called?
*/
if (p->break_loop) {
/*
* Yes - clear the flag that indicates that it
* has, and return -2 to indicate that we were
* told to break out of the loop.
*/
p->break_loop = 0;
return (-2);
}
/* capture the packets */
if(PacketReceivePacket(p->adapter,p->Packet,TRUE)==FALSE){
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error: PacketReceivePacket failed");
return (-1);
}
cc = p->Packet->ulBytesReceived;
bp = p->Packet->Buffer;
}
else
bp = p->bp;
。。。。。。。。。。。。。。。。。。。。。
}