1

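I've been working with pf_ring / libpcap lately. I have never developed with libpcap or pf_ring before, so please forgive what may seem like a silly question, as network programming is semi-new to me... Broadly speaking, what I'm trying to do is access the if_index on which a packet was received. I have currently created a simple raw packet sniffer in C using pf_ring, shown below: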

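#include <ctype.h>
#include <pcap.h>
#include <pfring.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXBYTES2CAPTURE 2048

/* Callback invoked by pfring_loop() for every captured packet. */
void processRingPacket(const struct pfring_pkthdr* pkthdr, const u_char* packet, const u_char *arg)
{
    u_int32_t i = 0;
    int *counter = (int*)arg;

    printf("Packet Count: %d ", ++(*counter));
    printf("Received Packet Size: %u ", pkthdr->len);
    printf("ifIndex: %d ", pkthdr->extended_hdr.if_index);
    printf("Payload:\n");

    /* Only caplen bytes are present in the buffer; len is the on-wire size. */
    for (i = 0; i < pkthdr->caplen; i++)
    {
        if (isprint(packet[i]))
        {
            printf("%c ", packet[i]);
        }
        else
        {
            printf(". ");
        }

        /* Break the line every 16 bytes and after the last byte. */
        if (((i % 16 == 0) && (i != 0)) || (i == pkthdr->caplen - 1))
        {
            printf("\n");
        }
    }
}

int main()
{
    int count = 0;
    char *device = "eth0";

    printf("Opening Device: %s\n", device);

    /* Flags are 0 here, as in the question. */
    pfring* ring = pfring_open(device, MAXBYTES2CAPTURE, 0);
    if (ring == NULL)
    {
        fprintf(stderr, "pfring_open(%s) failed\n", device);
        return 1;
    }
    pfring_enable_ring(ring);

    /* Blocks and calls processRingPacket for each packet. */
    pfring_loop(ring, processRingPacket, (u_char*)&count, 1);

    pfring_close(ring);
    return 0;
}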

Looking at the pfring_pkthdr struct in the pf_ring API, I should be able to do the following:

pkthdr->extended_hdr.if_index

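However, when I try to print the index, it only prints 0. I'm guessing that if_index is not actually being set, because when I actually call the pf_ring function to get the device's if index, I do receive a value for the specified device: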

pfring_get_device_ifindex (pfring *ring, char *device_name, int *if_index)

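The problem is that I'm trying to look at the if_index of each packet, so inside the callback function "processRingPacket" there is no way to generically specify the device. I say generically here because there will be two interfaces capturing packets. Any ideas about what my rookie mistake might be?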

4

2 Answers

2

I think you need to pass PF_RING_LONG_HEADER as a flag to pfring_open(). So it becomes: pfring_open(device, MAXBYTES2CAPTURE, PF_RING_LONG_HEADER);

answered 2014-09-01T13:17:47.270
1

If pkthdr->extended_hdr.if_index is not set in the callback function, you can always pass it to your callback function in the arg parameter:

struct Dev {
   int count;
   int if_index;
};

...

char *device = "eth0";  
struct Dev dev;
dev.count = 0;
dev.if_index = if_nametoindex(device); // from #include <net/if.h>

printf("Opening Device: %s\n", device); 

pfring* ring = pfring_open(device, MAXBYTES2CAPTURE, 0);
pfring_enable_ring(ring);

pfring_loop(ring, processRingPacket, (u_char*)&dev, 1);   

And recover it in the callback function:

void processRingPacket(const struct pfring_pkthdr* pkthdr, const u_char* packet, const u_char *arg)
{
    struct Dev *dev = (struct Dev*)arg;    
    int i=0, *counter = (int*)&dev->count;
    // and use dev->if_index whenever you need to.
    ...
}
answered 2014-09-01T13:41:05.347
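
The second answer's approach extended to the two-interface case from the question, as an added example that is not part of either answer or of PF_RING: each ring gets its own context, and the callback uses the per-packet index when it is set and the context's index otherwise. `struct demo_pkthdr`, `struct capture_ctx`, `effective_ifindex`, `on_packet` and the indexes 2, 3 and 7 are constructed stand-ins so the code builds without pfring.h.

```c
#include <stdio.h>

/* Constructed stand-in for the two pfring_pkthdr fields the question uses;
 * it is NOT PF_RING's real header, so this builds without pfring.h. */
struct demo_pkthdr {
    unsigned int len;
    struct { int if_index; } extended_hdr;
};

/* Hypothetical per-ring context, passed as the callback's user argument. */
struct capture_ctx {
    const char *name;
    int if_index;              /* resolved once at open time, e.g. if_nametoindex() */
    unsigned long packets;     /* packets seen on this ring */
    unsigned long from_header; /* packets whose header carried an index */
};

/* Prefer the per-packet index; fall back to the ring's context when the
 * header field is 0 (the symptom described in the question). */
int effective_ifindex(const struct demo_pkthdr *h, const struct capture_ctx *ctx)
{
    return h->extended_hdr.if_index != 0 ? h->extended_hdr.if_index : ctx->if_index;
}

/* Same argument shape as the page's callback; returns the index so it can be checked. */
int on_packet(const struct demo_pkthdr *h, const unsigned char *pkt, const unsigned char *arg)
{
    struct capture_ctx *ctx = (struct capture_ctx *)arg;
    (void)pkt;
    ctx->packets++;
    if (h->extended_hdr.if_index != 0)
        ctx->from_header++;
    return effective_ifindex(h, ctx);
}

int main(void)
{
    /* Constructed sample: two interfaces with made-up indexes 2 and 3. */
    struct capture_ctx eth0 = { "eth0", 2, 0, 0 }, eth1 = { "eth1", 3, 0, 0 };
    struct demo_pkthdr unset = { 60, { 0 } }, set = { 60, { 7 } };
    unsigned char frame[60] = { 0 };

    printf("%s -> ifIndex %d\n", eth0.name, on_packet(&unset, frame, (unsigned char *)&eth0));
    printf("%s -> ifIndex %d\n", eth1.name, on_packet(&unset, frame, (unsigned char *)&eth1));
    printf("%s -> ifIndex %d\n", eth1.name, on_packet(&set, frame, (unsigned char *)&eth1));
    return 0;
}
```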