int main(int argc, char **argv) {
char errbuf[PCAP_ERRBUF_SIZE];
struct pcap_pkthdr *pkthdr;
const u_char *pkt_data;
Options options;
parse_args(argc, argv, &options);
if(options.list_devices) {
show_devices();
exit(0);
}
// Create Handles for in and out
pcap_t *in_handle = pcap_create(argv[1], errbuf);
pcap_t *out_handle = pcap_create(argv[1], errbuf);
if(!in_handle | !out_handle )
exit_error(errbuf, -1);
int result = 0;
// Set timeout
result = pcap_set_timeout(in_handle, 1); // Header size up to window size
result = pcap_set_timeout(out_handle, 1); // Header size up to window size
handle_pcap_errors(in_handle, result, "set_timeout");
handle_pcap_errors(out_handle, result, "set_timeout");
// Activate!
result = pcap_activate(out_handle);
result = pcap_activate(in_handle);
handle_pcap_errors(out_handle, result, "pcap_activate");
handle_pcap_errors(in_handle, result, "pcap_activate");
// Set Filter
filter_on_port(out_handle, "src port ", options.port_str);
filter_on_port(in_handle, "dst port ", options.port_str);
// Count packet lenghts on port
int out_byte_count = 0;
int in_byte_count = 0;
for(int i = 0; i < 100; i++) {
pcap_next_ex(out_handle, &pkthdr, &pkt_data);
out_byte_count += pkthdr->len;
pcap_next_ex(in_handle, &pkthdr, &pkt_data);
in_byte_count += pkthdr->len;
}
printf("In Bytes: %d\n", in_byte_count);
printf("Out Bytes: %d\n", out_byte_count);
return 0;
}
/* Initializes pcap capture settings and returns a pcap handle on success, NULL on error */
pcap_t *capture_init(char *capture_source) {
pcap_t *handle = NULL;
char errbuf[PCAP_ERRBUF_SIZE] = {0};
#ifdef __APPLE__
// must disassociate from any current AP. This is the only way.
pid_t pid = fork();
if (!pid) {
char* argv[] = {"/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport", "-z", NULL};
execve("/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport", argv, NULL);
}
int status;
waitpid(pid, &status, 0);
handle = pcap_create(capture_source, errbuf);
if (handle) {
pcap_set_snaplen(handle, BUFSIZ);
pcap_set_timeout(handle, 50);
pcap_set_rfmon(handle, 1);
pcap_set_promisc(handle, 1);
int status = pcap_activate(handle);
if (status)
cprintf(CRITICAL, "pcap_activate status %d\n", status);
}
#else
handle = pcap_open_live(capture_source, BUFSIZ, 1, 0, errbuf);
#endif
if (!handle) {
handle = pcap_open_offline(capture_source, errbuf);
}
return handle;
}
Sniffer::Sniffer(const string& device,
promisc_type promisc,
const string& filter,
bool rfmon) {
SnifferConfiguration configuration;
configuration.set_promisc_mode(promisc == PROMISC);
configuration.set_filter(filter);
configuration.set_rfmon(rfmon);
char error[PCAP_ERRBUF_SIZE];
pcap_t* phandle = pcap_create(TINS_PREFIX_INTERFACE(device).c_str(), error);
if (!phandle) {
throw runtime_error(error);
}
set_pcap_handle(phandle);
// Set the netmask if we are able to find it.
bpf_u_int32 ip, if_mask;
if (pcap_lookupnet(TINS_PREFIX_INTERFACE(device).c_str(), &ip, &if_mask, error) == 0) {
set_if_mask(if_mask);
}
// Configure the sniffer's attributes prior to activation.
configuration.configure_sniffer_pre_activation(*this);
// Finally, activate the pcap. In case of error throw runtime_error
if (pcap_activate(get_pcap_handle()) < 0) {
throw pcap_error(pcap_geterr(get_pcap_handle()));
}
// Configure the sniffer's attributes after activation.
configuration.configure_sniffer_post_activation(*this);
}
int main (void)
{
int fd;
/* Create PCAP file */
assert((fd = pcap_create(test_path, LINKTYPE_EN10MB)) > 0);
/* Write payload */
assert(test_pcap_write(fd, icmp_dns, sizeof(icmp_dns)) == 0);
assert(pcap_close(fd) == 0);
assert((fd = pcap_open(test_path, O_RDONLY)) > 0);
assert(pcap_has_packets(fd));
assert(pcap_close(fd) == 0);
assert((fd = pcap_open(test_path, O_RDWR | O_APPEND)) > 0);
/* Write payload */
assert(test_pcap_write(fd, icmp_dns, sizeof(icmp_dns)) == 0);
assert(pcap_close(fd) == 0);
pcap_destroy(fd, test_path);
return (EXIT_SUCCESS);
}
static void print_timestamp_types(const char *dev) {
int i, ntstypes;
char junk[PCAP_ERRBUF_SIZE];
int *tstypes;
pcap_t *handle;
handle = pcap_create(dev, junk);
if(!handle)
return;
ntstypes = pcap_list_tstamp_types(handle, &tstypes);
if(ntstypes > 0)
printf(" Timestamp types:%s", options.verbose > 1 ? "\n" : " ");
if(options.verbose > 1)
for(i = 0; i < ntstypes; ++i)
printf(" %-20s %s\n", pcap_tstamp_type_val_to_name(tstypes[i]),
pcap_tstamp_type_val_to_description(tstypes[i]));
else
for(i = 0; i < ntstypes; ++i)
printf("%s%s", pcap_tstamp_type_val_to_name(tstypes[i])
, i + 1 > ntstypes ? ", " : "\n");
pcap_free_tstamp_types(tstypes);
pcap_close(handle);
}
static pcap_t* open_pcap_dev(const char* ifname, int frameSize, char* errbuf)
{
pcap_t* handle = pcap_create(ifname, errbuf);
if (handle) {
int err;
err = pcap_set_snaplen(handle, frameSize);
if (err) AVB_LOGF_WARNING("Cannot set snap len %d", err);
err = pcap_set_promisc(handle, 1);
if (err) AVB_LOGF_WARNING("Cannot set promisc %d", err);
err = pcap_set_immediate_mode(handle, 1);
if (err) AVB_LOGF_WARNING("Cannot set immediate mode %d", err);
// we need timeout (here 100ms) otherwise we could block for ever
err = pcap_set_timeout(handle, 100);
if (err) AVB_LOGF_WARNING("Cannot set timeout %d", err);
err = pcap_set_tstamp_precision(handle, PCAP_TSTAMP_PRECISION_NANO);
if (err) AVB_LOGF_WARNING("Cannot set tstamp nano precision %d", err);
err = pcap_set_tstamp_type(handle, PCAP_TSTAMP_ADAPTER_UNSYNCED);
if (err) AVB_LOGF_WARNING("Cannot set tstamp adapter unsynced %d", err);
err = pcap_activate(handle);
if (err) AVB_LOGF_WARNING("Cannot activate pcap %d", err);
}
return handle;
}
static bool check_promisc(const char *dev) {
char junk[PCAP_ERRBUF_SIZE];
int err;
pcap_t *handle;
handle = pcap_create(dev, junk);
if(!handle)
goto fail;
err = pcap_set_promisc(handle, 1);
if(err)
/* Should never error: pcap_set_promisc() only errors if handle is active. */
die(0, "DEBUG: Reached unreachable condition at %s:%lu\n", __FILE__, __LINE__);
err = pcap_activate(handle);
if(err && err != PCAP_WARNING)
goto fail;
pcap_close(handle);
return true;
fail:
pcap_close(handle);
return false;
}
pcap_t *
pcap_open_live_extended(const char *source, int snaplen, int promisc, int to_ms, int rfmon, char *errbuf)
{
pcap_t *p;
int status;
p = pcap_create(source, errbuf);
if (p == NULL)
return (NULL);
status = pcap_set_snaplen(p, snaplen);
if (status < 0)
goto fail;
status = pcap_set_promisc(p, promisc);
if (status < 0)
goto fail;
status = pcap_set_timeout(p, to_ms);
if (status < 0)
goto fail;
if(pcap_can_set_rfmon(p) == 1) {
status = pcap_set_rfmon(p, rfmon);
if (status < 0)
goto fail;
}
status = pcap_activate(p);
if (status < 0)
goto fail;
return (p);
fail:
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, pcap_geterr(p));
pcap_close(p);
return (NULL);
}
void capture(char *dev) {
pcap_t *pcap;
char errbuf[PCAP_ERRBUF_SIZE];
struct pcap_pkthdr header; /* The header that pcap gives us */
const u_char *packet; /* The actual packet */
if(NULL == dev) {
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
exit(1);
}
}
pcap = pcap_create(dev, errbuf);
pcap_set_rfmon(pcap, 1);
pcap_set_promisc(pcap, 1);
pcap_set_buffer_size(pcap, 1 * 1024 * 1024);
pcap_set_timeout(pcap, 1);
pcap_set_snaplen(pcap, 16384);
pcap_activate(pcap);
if(DLT_IEEE802_11_RADIO == pcap_datalink(pcap)) {
pcap_loop(pcap, 0, got_packet, 0);
} else {
fprintf(stderr, "Could not initialize a IEEE802_11_RADIO packet capture for interface %s\n", dev);
}
}
static void print_datalinks(const char *dev) {
int *linktypes;
int err, i, nlinktypes;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *handle;
handle = pcap_create(dev, errbuf);
if(!handle)
return;
err = pcap_activate(handle);
if(err)
return;
nlinktypes = pcap_list_datalinks(handle, &linktypes);
if(nlinktypes > 0)
printf(" Linktypes:%s", options.verbose > 1 ? "\n" : " ");
if(options.verbose > 1)
for(i = 0; i < nlinktypes; ++i)
printf(" %-20s %s\n"
, pcap_datalink_val_to_name(linktypes[i])
, pcap_datalink_val_to_description(linktypes[i]));
else
for(i = 0; i < nlinktypes; ++i)
printf("%s%s", pcap_datalink_val_to_name(linktypes[i])
, i + 1 > nlinktypes ? ", " : "\n");
pcap_free_datalinks(linktypes);
pcap_close(handle);
}
inline unique_pcap_t create(const std::string &device_name) {
auto buf = error_buffer{};
auto device = pcap_create(device_name.data(), buf.data());
if (!device) {
throw error{"Couldn't create device " + device_name + "\n" +
error_string(buf)};
}
return unique_pcap_t{device, &pcap_close};
}
static int
tc_pcap_open(pcap_t **pd, char *device, int snap_len, int buf_size)
{
int status;
char ebuf[PCAP_ERRBUF_SIZE];
*ebuf = '\0';
*pd = pcap_create(device, ebuf);
if (*pd == NULL) {
tc_log_info(LOG_ERR, 0, "pcap create error:%s", ebuf);
return TC_ERROR;
}
status = pcap_set_snaplen(*pd, snap_len);
if (status != 0) {
tc_log_info(LOG_ERR, 0, "pcap_set_snaplen error:%s",
pcap_statustostr(status));
return TC_ERROR;
}
status = pcap_set_promisc(*pd, 0);
if (status != 0) {
tc_log_info(LOG_ERR, 0, "pcap_set_promisc error:%s",
pcap_statustostr(status));
return TC_ERROR;
}
status = pcap_set_timeout(*pd, 1000);
if (status != 0) {
tc_log_info(LOG_ERR, 0, "pcap_set_timeout error:%s",
pcap_statustostr(status));
return TC_ERROR;
}
status = pcap_set_buffer_size(*pd, buf_size);
if (status != 0) {
tc_log_info(LOG_ERR, 0, "pcap_set_buffer_size error:%s",
pcap_statustostr(status));
return TC_ERROR;
}
tc_log_info(LOG_NOTICE, 0, "pcap_set_buffer_size:%d", buf_size);
status = pcap_activate(*pd);
if (status < 0) {
tc_log_info(LOG_ERR, 0, "pcap_activate error:%s",
pcap_statustostr(status));
return TC_ERROR;
} else if (status > 0) {
tc_log_info(LOG_WARN, 0, "pcap activate warn:%s",
pcap_statustostr(status));
}
return TC_OK;
}
NetworkInterface::NetworkInterface(const std::string& interface)
: m_pHandler(NULL), m_pFilter(NULL), m_pThread(NULL), m_sInterface(interface)
{
m_pHandler = pcap_create(interface.c_str(), m_sLastError);
if(!m_pHandler) {
std::cerr << "Can't create pcap handler on " << interface <<
" interface! Details: " << m_sLastError << std::endl;
}
}
void pcap_main_loop(const char* dev) {
char errbuf[PCAP_ERRBUF_SIZE];
/* open device for reading in promiscuous mode */
int promisc = 1;
bpf_u_int32 maskp; /* subnet mask */
bpf_u_int32 netp; /* ip */
logger<< log4cpp::Priority::INFO<<"Start listening on "<<dev;
/* Get the network address and mask */
pcap_lookupnet(dev, &netp, &maskp, errbuf);
descr = pcap_create(dev, errbuf);
if (descr == NULL) {
logger<< log4cpp::Priority::ERROR<<"pcap_create was failed with error: "<<errbuf;
exit(0);
}
// Setting up 1MB buffer
int set_buffer_size_res = pcap_set_buffer_size(descr, pcap_buffer_size_mbytes * 1024 * 1024);
if (set_buffer_size_res != 0 ) {
if (set_buffer_size_res == PCAP_ERROR_ACTIVATED) {
logger<< log4cpp::Priority::ERROR<<"Can't set buffer size because pcap already activated\n";
exit(1);
} else {
logger<< log4cpp::Priority::ERROR<<"Can't set buffer size due to error: "<<set_buffer_size_res;
exit(1);
}
}
if (pcap_set_promisc(descr, promisc) != 0) {
logger<< log4cpp::Priority::ERROR<<"Can't activate promisc mode for interface: "<<dev;
exit(1);
}
if (pcap_activate(descr) != 0) {
logger<< log4cpp::Priority::ERROR<<"Call pcap_activate was failed: "<<pcap_geterr(descr);
exit(1);
}
// man pcap-linktype
int link_layer_header_type = pcap_datalink(descr);
if (link_layer_header_type == DLT_EN10MB) {
DATA_SHIFT_VALUE = 14;
} else if (link_layer_header_type == DLT_LINUX_SLL) {
DATA_SHIFT_VALUE = 16;
} else {
logger<< log4cpp::Priority::INFO<<"We did not support link type:"<<link_layer_header_type;
exit(0);
}
pcap_loop(descr, -1, (pcap_handler)parse_packet, NULL);
}
int myPcapCatchAndAnaly() {
int status=0;
int header_type;
char errbuf[PCAP_ERRBUF_SIZE];
/* openwrt && linux */
char *dev=(char *)"wlan0";
/* mac os */
//test
// char* dev=(char *)"en0";
handle=pcap_create(dev,errbuf); //为抓取器打开一个句柄
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
return 0;
}
// 由于在该路由器测试时,发现在该openwrt系统上不支持libpcap设置monitor模式,在激活的时候会产生错误
// 将采用手动设置并检测网卡是否为monitor模式
// if(pcap_can_set_rfmon(handle)) {
// //查看是否能设置为监控模式
// printf("Device %s can be opened in monitor mode\n",dev);
// }
// else {
// printf("Device %s can't be opened in monitor mode!!!\n",dev);
// }
// 若是mac os系统,则可以支持
// test
if(pcap_set_rfmon(handle,1)!=0) {
fprintf(stderr, "Device %s couldn't be opened in monitor mode\n", dev);
return 0;
} else {
printf("Device %s has been opened in monitor mode\n", dev);
}
pcap_set_promisc(handle,0); //不设置混杂模式
pcap_set_snaplen(handle,65535); //设置最大捕获包的长度
status=pcap_activate(handle); //激活
if(status!=0) {
pcap_perror(handle,(char*)"pcap error: ");
return 0;
}
header_type=pcap_datalink(handle); //返回链路层的类型
if(header_type!=DLT_IEEE802_11_RADIO) {
printf("Error: incorrect header type - %d\n",header_type);
return 0;
}
int id = 0;
pcap_loop(handle, -1, getPacket, (u_char*)&id);
return 1;
}
NAPCapHandle *
na_pcap_open (const char *iface,
GError **error)
{
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *pcap_handle = pcap_create (iface, errbuf);
if (pcap_handle == NULL)
{
g_set_error (error,
NA_PCAP_ERROR,
NA_PCAP_ERROR_OPEN,
"pcap failed to create handle for iface: %s", errbuf);
return NULL;
}
pcap_set_snaplen (pcap_handle, PCAP_SNAPLEN);
pcap_set_timeout (pcap_handle, 100);
if (pcap_activate (pcap_handle) != 0)
{
g_set_error (error,
NA_PCAP_ERROR,
NA_PCAP_ERROR_OPEN,
"pcap failed to activate handle for iface");
return NULL;
}
NAPCapHandle *handle = g_new0 (NAPCapHandle, 1);
handle->pcap_handle = pcap_handle;
handle->iface = iface;
handle->linktype = pcap_datalink (pcap_handle);
switch (handle->linktype)
{
case (DLT_EN10MB):
g_debug ("Ethernet link detected");
break;
case (DLT_PPP):
g_debug ("PPP link detected");
break;
case (DLT_LINUX_SLL):
g_debug ("Linux Cooked Socket link detected");
break;
default:
g_debug ("No PPP or Ethernet link: %d", handle->linktype);
break;
}
return handle;
}
pcap_t *
pcap_open_live(const char *source, int snaplen, int promisc, int to_ms,
char *errbuf)
{
pcap_t *p;
int status;
p = pcap_create(source, errbuf);
if (p == NULL)
return (NULL);
status = pcap_set_snaplen(p, snaplen);
if (status < 0)
goto fail;
status = pcap_set_promisc(p, promisc);
if (status < 0)
goto fail;
status = pcap_set_timeout(p, to_ms);
if (status < 0)
goto fail;
/*
* Mark this as opened with pcap_open_live(), so that, for
* example, we show the full list of DLT_ values, rather
* than just the ones that are compatible with capturing
* when not in monitor mode. That allows existing applications
* to work the way they used to work, but allows new applications
* that know about the new open API to, for example, find out the
* DLT_ values that they can select without changing whether
* the adapter is in monitor mode or not.
*/
p->oldstyle = 1;
status = pcap_activate(p);
if (status < 0)
goto fail;
return (p);
fail:
if (status == PCAP_ERROR)
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
p->errbuf);
else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
status == PCAP_ERROR_PERM_DENIED ||
status == PCAP_ERROR_PROMISC_PERM_DENIED)
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
pcap_statustostr(status), p->errbuf);
else
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
pcap_statustostr(status));
pcap_close(p);
return (NULL);
}
CAMLprim value
stub_pcap_create (value p_device)
{
char errbuf[PCAP_ERRBUF_SIZE];
char *device;
pcap_t *ret;
device = String_val (p_device);
ret = pcap_create (device, errbuf);
if (ret == NULL) {
raise_error (errbuf);
}
return (value) ret;
}
static void
tcpeek_init_pcap(void) {
char *ifname, errmsg[PCAP_ERRBUF_SIZE], expression[] = "tcp or icmp";
struct bpf_program bpf;
if(strisempty(g.option.ifname)) {
ifname = pcap_lookupdev(errmsg);
if(!ifname) {
error_abort("%s", errmsg);
}
strncpy(g.option.ifname, ifname, sizeof(g.option.ifname) - 1);
}
g.pcap.pcap = pcap_create(g.option.ifname, errmsg);
if(!g.pcap.pcap) {
error_abort("%s", errmsg);
}
if(pcap_set_buffer_size(g.pcap.pcap, g.option.buffer * 1024 * 1024) != 0) {
error_abort("%s", "can not set buffer size");
}
if(pcap_set_snaplen(g.pcap.pcap, DEFAULT_PCAP_SNAPLEN) != 0) {
error_abort("%s", "can not set snaplen");
}
if(pcap_set_promisc(g.pcap.pcap, g.option.promisc) != 0) {
error_abort("%s", "can not set promiscuous mode");
}
if(pcap_set_timeout(g.pcap.pcap, 1) != 0) {
error_abort("%s", "can not set timeout");
}
if(pcap_activate(g.pcap.pcap) != 0) {
error_abort("%s", pcap_geterr(g.pcap.pcap));
}
if(pcap_compile(g.pcap.pcap, &bpf, expression, 0, 0) == -1) {
error_abort("%s '%s'", pcap_geterr(g.pcap.pcap), expression);
}
if(pcap_setfilter(g.pcap.pcap, &bpf) == -1){
error_abort("%s", pcap_geterr(g.pcap.pcap));
}
pcap_freecode(&bpf);
g.pcap.snapshot = pcap_snapshot(g.pcap.pcap);
g.pcap.datalink = pcap_datalink(g.pcap.pcap);
if(g.pcap.datalink != DLT_EN10MB && g.pcap.datalink != DLT_LINUX_SLL) {
error_abort("not support datalink %s (%s)",
pcap_datalink_val_to_name(g.pcap.datalink),
pcap_datalink_val_to_description(g.pcap.datalink)
);
}
}
static int
epcap_open(EPCAP_STATE *ep)
{
char errbuf[PCAP_ERRBUF_SIZE];
if (ep->file) {
PCAP_ERRBUF(ep->p = pcap_open_offline(ep->file, errbuf));
} else {
if (ep->dev == NULL)
PCAP_ERRBUF(ep->dev = pcap_lookupdev(errbuf));
#ifdef HAVE_PCAP_CREATE
PCAP_ERRBUF(ep->p = pcap_create(ep->dev, errbuf));
(void)pcap_set_snaplen(ep->p, ep->snaplen);
(void)pcap_set_promisc(ep->p, ep->opt & EPCAP_OPT_PROMISC);
(void)pcap_set_timeout(ep->p, ep->timeout);
if (ep->bufsz > 0)
(void)pcap_set_buffer_size(ep->p, ep->bufsz);
switch (pcap_activate(ep->p)) {
case 0:
break;
case PCAP_WARNING:
case PCAP_ERROR:
case PCAP_WARNING_PROMISC_NOTSUP:
case PCAP_ERROR_NO_SUCH_DEVICE:
case PCAP_ERROR_PERM_DENIED:
pcap_perror(ep->p, "pcap_activate: ");
exit(EXIT_FAILURE);
default:
exit(EXIT_FAILURE);
}
#else
PCAP_ERRBUF(ep->p = pcap_open_live(ep->dev, ep->snaplen,
ep->opt & EPCAP_OPT_PROMISC, ep->timeout, errbuf));
#endif
/* monitor mode */
#ifdef PCAP_ERROR_RFMON_NOTSUP
if (pcap_can_set_rfmon(ep->p) == 1)
(void)pcap_set_rfmon(ep->p, ep->opt & EPCAP_OPT_RFMON);
#endif
}
ep->datalink = pcap_datalink(ep->p);
return 0;
}
static pcap_t* _kqtime_newPCap(const char* source, const char* filter_expression,
pcap_direction_t pcapdir, int snaplen) {
char errbuf[PCAP_ERRBUF_SIZE];
struct bpf_program filter;
const char* pcap_source = source ? source : NULL;
pcap_t* handle = pcap_create(pcap_source, errbuf);
if(!handle) {
log("kqtime: error obtaining pcap handle: %s\n", errbuf);
return NULL;
}
if(pcap_set_snaplen(handle, 65536) != 0) {
log("kqtime: error setting pcap snaplen %d\n", snaplen);
pcap_close(handle);
return NULL;
}
if(pcap_activate(handle) != 0) {
log("kqtime: error activating capture device: %s\n", pcap_geterr(handle));
pcap_close(handle);
return NULL;
}
if(pcap_setdirection(handle, pcapdir) != 0) {
log("kqtime: error setting capture direction: %s\n", pcap_geterr(handle));
pcap_close(handle);
return NULL;
}
const char* pcap_filter_expression = filter_expression ? filter_expression : "tcp and not port ssh";
if(pcap_compile(handle, &filter, pcap_filter_expression,
0, PCAP_NETMASK_UNKNOWN) != 0) {
log("kqtime: error compiling filter: %s\n", pcap_geterr(handle));
pcap_close(handle);
return NULL;
}
if(pcap_setfilter(handle, &filter) < 0) {
log("kqtime: error setting filter: %s\n", pcap_geterr(handle));
pcap_freecode(&filter);
pcap_close(handle);
return NULL;
}
return handle;
}
static pcap_t *open_pcap(const char *iface, bpf_u_int32 *net, bpf_u_int32 *mask)
{
pcap_t *pcap = NULL;
char errbuf[PCAP_ERRBUF_SIZE];
char ipv4str[16], filter[128];
struct bpf_program bpf;
if (pcap_lookupnet(iface, net, mask, errbuf) != 0) {
fprintf(stderr, "pcap_lookupnet(): %s\n", errbuf);
goto fail;
}
if (inet_ntop(AF_INET, (const void *)net, ipv4str, sizeof ipv4str) == NULL) {
perror("inet_ntop()");
goto fail;
}
// snprintf(filter, sizeof filter, "ip dst %s and (tcp[tcpflags] & (tcp-syn | tcp-ack)) = (tcp-syn | tcp-ack)", ipv4str);
snprintf(filter, sizeof filter, "(tcp[tcpflags] & (tcp-syn | tcp-ack)) = (tcp-syn | tcp-ack)");
pcap = pcap_create(iface, errbuf);
if (pcap == NULL) {
fprintf(stderr, "pcap_create(): %s\n", errbuf);
goto fail;
}
(void)pcap_setdirection(pcap, PCAP_D_IN);
if (pcap_set_buffer_size(pcap, 131072) != 0) {
pcap_perror(pcap, "pcap_set_buffer_size()");
goto fail;
}
if (pcap_activate(pcap) != 0) {
pcap_perror(pcap, "pcap_activate()");
goto fail;
}
if (pcap_compile(pcap, &bpf, filter, 1, PCAP_NETMASK_UNKNOWN) != 0) {
pcap_perror(pcap, "pcap_compile()");
goto fail;
}
if (pcap_setfilter(pcap, &bpf) != 0) {
pcap_perror(pcap, "pcap_setfilter()");
goto fail;
}
pcap_freecode(&bpf);
return pcap;
fail:
if (pcap != NULL)
pcap_close(pcap);
return NULL;
}
pcap_t *
reader_libpcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
{
pcap_t *p;
int status;
p = pcap_create(source, errbuf);
if (p == NULL)
return (NULL);
status = pcap_set_snaplen(p, snaplen);
if (status < 0)
goto fail;
status = pcap_set_promisc(p, promisc);
if (status < 0)
goto fail;
status = pcap_set_timeout(p, to_ms);
if (status < 0)
goto fail;
status = pcap_set_buffer_size(p, config.pcapBufferSize);
if (status < 0)
goto fail;
status = pcap_activate(p);
if (status < 0)
goto fail;
status = pcap_setnonblock(p, TRUE, errbuf);
if (status < 0) {
pcap_close(p);
return (NULL);
}
return (p);
fail:
if (status == PCAP_ERROR)
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
pcap_geterr(p));
else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
status == PCAP_ERROR_PERM_DENIED)
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
pcap_statustostr(status), pcap_geterr(p));
else
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
pcap_statustostr(status));
pcap_close(p);
return (NULL);
}
static bool check_rfmon(const char *dev) {
char junk[PCAP_ERRBUF_SIZE];
pcap_t *handle;
handle = pcap_create(dev, junk);
if(!handle)
goto fail;
if(pcap_can_set_rfmon(handle) != 1)
goto fail;
pcap_close(handle);
return true;
fail:
pcap_close(handle);
return false;
}
static PyObject *ppcap_create(ppcap *self,
PyObject *args)
{
const char *device;
char errbuf[PCAP_ERRBUF_SIZE];
if (!PyArg_ParseTuple(args, "s", &device))
return NULL;
if (ppcap_isset_handle(self->handle)) {
PyErr_SetString(PyExc_Ppcap, "pcap handle is already created");
return NULL;
}
self->handle = pcap_create(device, errbuf);
if (!self->handle) {
PyErr_Format(PyExc_Ppcap, "%s", errbuf);
return NULL;
}
Py_RETURN_NONE;
}
static bool check_capture(char *errbuf, const char *dev) {
int err;
pcap_t *handle;
handle = pcap_create(dev, errbuf);
if(!handle)
goto fail;
err = pcap_activate(handle);
if(err)
strncpy(errbuf, pcap_geterr(handle), PCAP_ERRBUF_SIZE);
if(err && err != PCAP_WARNING)
goto fail;
pcap_close(handle);
return true;
fail:
pcap_close(handle);
return false;
}
//------------------------------------------------------------------------------
static pcap_t* startPcap(void)
{
pcap_t* pPcapInst = NULL;
char errorMessage[PCAP_ERRBUF_SIZE];
// Create a pcap live capture handle
pPcapInst = pcap_create(edrvInstance_l.initParam.pDevName, errorMessage);
if (pPcapInst == NULL)
{
DEBUG_LVL_ERROR_TRACE("%s() Error!! Can't open pcap: %s\n", __func__, errorMessage);
}
// Set snapshot length for a not-yet-activated capture handle
if (pcap_set_snaplen(pPcapInst, 65535) < 0)
{
DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP snap length\n", __func__);
}
// Set promiscuous mode for a not-yet-activated capture handle
if (pcap_set_promisc(pPcapInst, 1) < 0)
{
DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP promiscuous mode\n", __func__);
}
// Pcap immediate mode only supported by libpcap >=1.5.0
#ifdef PCAP_ERROR_TSTAMP_PRECISION_NOTSUP
// Set immediate mode for a not-yet-activated capture handle
if (pcap_set_immediate_mode(pPcapInst, 1) < 0)
{
DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP immediate mode\n", __func__);
}
#endif
// Activate the pcap capture handle with the previous parameters
if (pcap_activate(pPcapInst) < 0)
{
DEBUG_LVL_ERROR_TRACE("%s() couldn't activate PCAP\n", __func__);
}
return pPcapInst;
}
int capture_live(const char *filter) {
int err;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *handle;
char *dev = options.dev ? match_dev_regex_or_die(options.dev) : "all";
plog(1, "Capturing on device: %s", dev);
handle = pcap_create(dev, errbuf);
prep_pcap_handle(handle);
err = pcap_activate(handle);
if(err == PCAP_WARNING)
plog(0, "pcap_activate(): %s", pcap_geterr(handle));
else if(err == PCAP_WARNING_PROMISC_NOTSUP || err == PCAP_WARNING_TSTAMP_TYPE_NOTSUP)
plog(0, "pcap_activate(): %s", pcap_geterr(handle));
else if(err)
die(0, "pcap_activate(): %s", pcap_geterr(handle));
pcap_close(handle);
return 0;
}
void pcaplistener::initInterface()
{
char errbuf[PCAP_ERRBUF_SIZE];
if(pcap_lookupnet(listenInterface.c_str(), &net, &mask, errbuf))
{
fprintf(stderr, "Failed to look up netmask: %s", errbuf);
exit(0);
}
if(!(pcap = pcap_create(listenInterface.c_str(), errbuf)))
{
fprintf(stderr, "Failed to create interface source: %s", errbuf);
exit(0);
}
if(pcap_set_snaplen(pcap, SNAPLEN))
{
fprintf(stderr, "Failed to set pcap snapshot length: %s", errbuf);
exit(0);
}
if(pcap_set_promisc(pcap, 1))
{
fprintf(stderr, "Failed to set interface to promiscuous mode: %s", errbuf);
exit(0);
}
if(pcap_set_timeout(pcap, READ_TIMEOUT_MS))
{
fprintf(stderr, "Failed to set pcap timeout: %s", errbuf);
exit(0);
}
if(pcap_activate(pcap))
{
fprintf(stderr, "Failed to activate pcap: %s", errbuf);
exit(0);
}
fexpr = "(host 0.0.0.1)";
}
bool PcapActivity::openLive()
{
Poco::Buffer<char> errBuff(PCAP_ERRBUF_SIZE);
_pcap = pcap_create(_device.c_str(), errBuff.begin());
if (_pcap == nullptr) {
_logger.warning("Couldn't open device %s: %s", _device, std::string(errBuff.begin()));
return false;
}
int status = pcap_set_snaplen(_pcap, 1500);
if (status < 0) {
_logger.warning("Can't set pcap snaplen: %s", std::string(pcap_strerror(status)));
}
status = pcap_set_promisc(_pcap, 1);
if (status < 0) {
_logger.warning("Can't set pcap promiscuous mode: %s", std::string(pcap_strerror(status)));
}
status = pcap_set_timeout(_pcap, 2500);
if (status < 0) {
_logger.warning("Can't set pcap timeout: %s", std::string(pcap_strerror(status)));
}
#ifdef POCO_OS_FAMILY_UNIX
status = pcap_set_buffer_size(_pcap, 2097152); //2MB
#else
status = pcap_setbuff(_pcap, 2097152); //2MB
#endif
if (status < 0) {
_logger.warning("Can't set pcap buffer size: %s", std::string(pcap_strerror(status)));
}
status = pcap_activate(_pcap);
if (status < 0) {
_logger.warning("Couldn't activate device %s: %s", _device, std::string(pcap_strerror(status)));
return false;
}
return true;
}
