static pcap_t* open_pcap_dev(const char* ifname, int frameSize, char* errbuf) { pcap_t* handle = pcap_create(ifname, errbuf); if (handle) { int err; err = pcap_set_snaplen(handle, frameSize); if (err) AVB_LOGF_WARNING("Cannot set snap len %d", err); err = pcap_set_promisc(handle, 1); if (err) AVB_LOGF_WARNING("Cannot set promisc %d", err); err = pcap_set_immediate_mode(handle, 1); if (err) AVB_LOGF_WARNING("Cannot set immediate mode %d", err); // we need timeout (here 100ms) otherwise we could block for ever err = pcap_set_timeout(handle, 100); if (err) AVB_LOGF_WARNING("Cannot set timeout %d", err); err = pcap_set_tstamp_precision(handle, PCAP_TSTAMP_PRECISION_NANO); if (err) AVB_LOGF_WARNING("Cannot set tstamp nano precision %d", err); err = pcap_set_tstamp_type(handle, PCAP_TSTAMP_ADAPTER_UNSYNCED); if (err) AVB_LOGF_WARNING("Cannot set tstamp adapter unsynced %d", err); err = pcap_activate(handle); if (err) AVB_LOGF_WARNING("Cannot activate pcap %d", err); } return handle; }
pcap_t * pcap_open_live_extended(const char *source, int snaplen, int promisc, int to_ms, int rfmon, char *errbuf) { pcap_t *p; int status; p = pcap_create(source, errbuf); if (p == NULL) return (NULL); status = pcap_set_snaplen(p, snaplen); if (status < 0) goto fail; status = pcap_set_promisc(p, promisc); if (status < 0) goto fail; status = pcap_set_timeout(p, to_ms); if (status < 0) goto fail; if(pcap_can_set_rfmon(p) == 1) { status = pcap_set_rfmon(p, rfmon); if (status < 0) goto fail; } status = pcap_activate(p); if (status < 0) goto fail; return (p); fail: snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, pcap_geterr(p)); pcap_close(p); return (NULL); }
static bool check_promisc(const char *dev) { char junk[PCAP_ERRBUF_SIZE]; int err; pcap_t *handle; handle = pcap_create(dev, junk); if(!handle) goto fail; err = pcap_set_promisc(handle, 1); if(err) /* Should never error: pcap_set_promisc() only errors if handle is active. */ die(0, "DEBUG: Reached unreachable condition at %s:%lu\n", __FILE__, __LINE__); err = pcap_activate(handle); if(err && err != PCAP_WARNING) goto fail; pcap_close(handle); return true; fail: pcap_close(handle); return false; }
/* * Class: disy_jnipcap_Pcap * Method: setPromisc * Signature: (JI)I */ JNIEXPORT jint JNICALL Java_disy_jnipcap_Pcap_setPromisc (JNIEnv *env, jclass jcls, jlong jptr, jint jpromisc) { pcap_t *p = (pcap_t *) jptr; if (p == NULL) return -1; return (jint) pcap_set_promisc (p, (int) jpromisc); }
void capture(char *dev) { pcap_t *pcap; char errbuf[PCAP_ERRBUF_SIZE]; struct pcap_pkthdr header; /* The header that pcap gives us */ const u_char *packet; /* The actual packet */ if(NULL == dev) { dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); exit(1); } } pcap = pcap_create(dev, errbuf); pcap_set_rfmon(pcap, 1); pcap_set_promisc(pcap, 1); pcap_set_buffer_size(pcap, 1 * 1024 * 1024); pcap_set_timeout(pcap, 1); pcap_set_snaplen(pcap, 16384); pcap_activate(pcap); if(DLT_IEEE802_11_RADIO == pcap_datalink(pcap)) { pcap_loop(pcap, 0, got_packet, 0); } else { fprintf(stderr, "Could not initialize a IEEE802_11_RADIO packet capture for interface %s\n", dev); } }
/* Initializes pcap capture settings and returns a pcap handle on success, NULL on error */ pcap_t *capture_init(char *capture_source) { pcap_t *handle = NULL; char errbuf[PCAP_ERRBUF_SIZE] = {0}; #ifdef __APPLE__ // must disassociate from any current AP. This is the only way. pid_t pid = fork(); if (!pid) { char* argv[] = {"/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport", "-z", NULL}; execve("/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport", argv, NULL); } int status; waitpid(pid, &status, 0); handle = pcap_create(capture_source, errbuf); if (handle) { pcap_set_snaplen(handle, BUFSIZ); pcap_set_timeout(handle, 50); pcap_set_rfmon(handle, 1); pcap_set_promisc(handle, 1); int status = pcap_activate(handle); if (status) cprintf(CRITICAL, "pcap_activate status %d\n", status); } #else handle = pcap_open_live(capture_source, BUFSIZ, 1, 0, errbuf); #endif if (!handle) { handle = pcap_open_offline(capture_source, errbuf); } return handle; }
static int tc_pcap_open(pcap_t **pd, char *device, int snap_len, int buf_size) { int status; char ebuf[PCAP_ERRBUF_SIZE]; *ebuf = '\0'; *pd = pcap_create(device, ebuf); if (*pd == NULL) { tc_log_info(LOG_ERR, 0, "pcap create error:%s", ebuf); return TC_ERROR; } status = pcap_set_snaplen(*pd, snap_len); if (status != 0) { tc_log_info(LOG_ERR, 0, "pcap_set_snaplen error:%s", pcap_statustostr(status)); return TC_ERROR; } status = pcap_set_promisc(*pd, 0); if (status != 0) { tc_log_info(LOG_ERR, 0, "pcap_set_promisc error:%s", pcap_statustostr(status)); return TC_ERROR; } status = pcap_set_timeout(*pd, 1000); if (status != 0) { tc_log_info(LOG_ERR, 0, "pcap_set_timeout error:%s", pcap_statustostr(status)); return TC_ERROR; } status = pcap_set_buffer_size(*pd, buf_size); if (status != 0) { tc_log_info(LOG_ERR, 0, "pcap_set_buffer_size error:%s", pcap_statustostr(status)); return TC_ERROR; } tc_log_info(LOG_NOTICE, 0, "pcap_set_buffer_size:%d", buf_size); status = pcap_activate(*pd); if (status < 0) { tc_log_info(LOG_ERR, 0, "pcap_activate error:%s", pcap_statustostr(status)); return TC_ERROR; } else if (status > 0) { tc_log_info(LOG_WARN, 0, "pcap activate warn:%s", pcap_statustostr(status)); } return TC_OK; }
int myPcapCatchAndAnaly() { int status=0; int header_type; char errbuf[PCAP_ERRBUF_SIZE]; /* openwrt && linux */ char *dev=(char *)"wlan0"; /* mac os */ //test // char* dev=(char *)"en0"; handle=pcap_create(dev,errbuf); //为抓取器打开一个句柄 if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); return 0; } // 由于在该路由器测试时,发现在该openwrt系统上不支持libpcap设置monitor模式,在激活的时候会产生错误 // 将采用手动设置并检测网卡是否为monitor模式 // if(pcap_can_set_rfmon(handle)) { // //查看是否能设置为监控模式 // printf("Device %s can be opened in monitor mode\n",dev); // } // else { // printf("Device %s can't be opened in monitor mode!!!\n",dev); // } // 若是mac os系统,则可以支持 // test if(pcap_set_rfmon(handle,1)!=0) { fprintf(stderr, "Device %s couldn't be opened in monitor mode\n", dev); return 0; } else { printf("Device %s has been opened in monitor mode\n", dev); } pcap_set_promisc(handle,0); //不设置混杂模式 pcap_set_snaplen(handle,65535); //设置最大捕获包的长度 status=pcap_activate(handle); //激活 if(status!=0) { pcap_perror(handle,(char*)"pcap error: "); return 0; } header_type=pcap_datalink(handle); //返回链路层的类型 if(header_type!=DLT_IEEE802_11_RADIO) { printf("Error: incorrect header type - %d\n",header_type); return 0; } int id = 0; pcap_loop(handle, -1, getPacket, (u_char*)&id); return 1; }
void pcap_main_loop(const char* dev) { char errbuf[PCAP_ERRBUF_SIZE]; /* open device for reading in promiscuous mode */ int promisc = 1; bpf_u_int32 maskp; /* subnet mask */ bpf_u_int32 netp; /* ip */ logger<< log4cpp::Priority::INFO<<"Start listening on "<<dev; /* Get the network address and mask */ pcap_lookupnet(dev, &netp, &maskp, errbuf); descr = pcap_create(dev, errbuf); if (descr == NULL) { logger<< log4cpp::Priority::ERROR<<"pcap_create was failed with error: "<<errbuf; exit(0); } // Setting up 1MB buffer int set_buffer_size_res = pcap_set_buffer_size(descr, pcap_buffer_size_mbytes * 1024 * 1024); if (set_buffer_size_res != 0 ) { if (set_buffer_size_res == PCAP_ERROR_ACTIVATED) { logger<< log4cpp::Priority::ERROR<<"Can't set buffer size because pcap already activated\n"; exit(1); } else { logger<< log4cpp::Priority::ERROR<<"Can't set buffer size due to error: "<<set_buffer_size_res; exit(1); } } if (pcap_set_promisc(descr, promisc) != 0) { logger<< log4cpp::Priority::ERROR<<"Can't activate promisc mode for interface: "<<dev; exit(1); } if (pcap_activate(descr) != 0) { logger<< log4cpp::Priority::ERROR<<"Call pcap_activate was failed: "<<pcap_geterr(descr); exit(1); } // man pcap-linktype int link_layer_header_type = pcap_datalink(descr); if (link_layer_header_type == DLT_EN10MB) { DATA_SHIFT_VALUE = 14; } else if (link_layer_header_type == DLT_LINUX_SLL) { DATA_SHIFT_VALUE = 16; } else { logger<< log4cpp::Priority::INFO<<"We did not support link type:"<<link_layer_header_type; exit(0); } pcap_loop(descr, -1, (pcap_handler)parse_packet, NULL); }
pcap_t * pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf) { pcap_t *p; int status; p = pcap_create(source, errbuf); if (p == NULL) return (NULL); status = pcap_set_snaplen(p, snaplen); if (status < 0) goto fail; status = pcap_set_promisc(p, promisc); if (status < 0) goto fail; status = pcap_set_timeout(p, to_ms); if (status < 0) goto fail; /* * Mark this as opened with pcap_open_live(), so that, for * example, we show the full list of DLT_ values, rather * than just the ones that are compatible with capturing * when not in monitor mode. That allows existing applications * to work the way they used to work, but allows new applications * that know about the new open API to, for example, find out the * DLT_ values that they can select without changing whether * the adapter is in monitor mode or not. */ p->oldstyle = 1; status = pcap_activate(p); if (status < 0) goto fail; return (p); fail: if (status == PCAP_ERROR) snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, p->errbuf); else if (status == PCAP_ERROR_NO_SUCH_DEVICE || status == PCAP_ERROR_PERM_DENIED || status == PCAP_ERROR_PROMISC_PERM_DENIED) snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, pcap_statustostr(status), p->errbuf); else snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, pcap_statustostr(status)); pcap_close(p); return (NULL); }
static void prep_pcap_handle(pcap_t *handle) { int err; err = pcap_set_rfmon(handle, options.rfmon); if(err) die(0, "DEBUG: pcap handle should not be activated at %s:%d", __FILE__, __LINE__); err = pcap_set_promisc(handle, options.promisc); if(err) die(0, "DEBUG: pcap handle should not be activated at %s:%d", __FILE__, __LINE__); err = pcap_set_snaplen(handle, options.snaplen); if(err) die(0, "DEBUG: pcap handle should not be activated at %s:%d", __FILE__, __LINE__); err = pcap_set_timeout(handle, options.read_timeout); if(err) die(0, "DEBUG: pcap handle should not be activated at %s:%d", __FILE__, __LINE__); if(options.buffer_size > 0) { err = pcap_set_buffer_size(handle, options.buffer_size); if(err) die(0, "DEBUG: pcap handle should not be activated at %s:%d", __FILE__, __LINE__); } if(options.tstamp_type != PCAP_ERROR) { err = pcap_set_tstamp_type(handle, options.tstamp_type); if(err == PCAP_ERROR_ACTIVATED) die(0, "DEBUG: pcap handle should not be activated at %s:%d", __FILE__, __LINE__); else if(err == PCAP_ERROR_CANTSET_TSTAMP_TYPE) die(0, "pcap_set_tstamp_type(): Device does not support setting the timestamp"); else if(err == PCAP_WARNING_TSTAMP_TYPE_NOTSUP) plog(0, "pcap_set_tstamp_type(): Device does not support specified tstamp type"); } if(options.tstamp_nano) { err = pcap_set_tstamp_precision(handle, PCAP_TSTAMP_PRECISION_NANO); if(err == PCAP_ERROR_ACTIVATED) die(0, "DEBUG: pcap handle should not be activated at %s:%d", __FILE__, __LINE__); else if(err == PCAP_ERROR_TSTAMP_PRECISION_NOTSUP) die(0, "pcap_set_tstamp_precision(): Device does not support nanosecond precision"); } if(options.linktype != PCAP_ERROR) { err = pcap_set_datalink(handle, options.linktype); if(err) die(0, "pcap_set_datalink(): %s", pcap_geterr(handle)); } }
static int epcap_open(EPCAP_STATE *ep) { char errbuf[PCAP_ERRBUF_SIZE]; if (ep->file) { PCAP_ERRBUF(ep->p = pcap_open_offline(ep->file, errbuf)); } else { if (ep->dev == NULL) PCAP_ERRBUF(ep->dev = pcap_lookupdev(errbuf)); #ifdef HAVE_PCAP_CREATE PCAP_ERRBUF(ep->p = pcap_create(ep->dev, errbuf)); (void)pcap_set_snaplen(ep->p, ep->snaplen); (void)pcap_set_promisc(ep->p, ep->opt & EPCAP_OPT_PROMISC); (void)pcap_set_timeout(ep->p, ep->timeout); if (ep->bufsz > 0) (void)pcap_set_buffer_size(ep->p, ep->bufsz); switch (pcap_activate(ep->p)) { case 0: break; case PCAP_WARNING: case PCAP_ERROR: case PCAP_WARNING_PROMISC_NOTSUP: case PCAP_ERROR_NO_SUCH_DEVICE: case PCAP_ERROR_PERM_DENIED: pcap_perror(ep->p, "pcap_activate: "); exit(EXIT_FAILURE); default: exit(EXIT_FAILURE); } #else PCAP_ERRBUF(ep->p = pcap_open_live(ep->dev, ep->snaplen, ep->opt & EPCAP_OPT_PROMISC, ep->timeout, errbuf)); #endif /* monitor mode */ #ifdef PCAP_ERROR_RFMON_NOTSUP if (pcap_can_set_rfmon(ep->p) == 1) (void)pcap_set_rfmon(ep->p, ep->opt & EPCAP_OPT_RFMON); #endif } ep->datalink = pcap_datalink(ep->p); return 0; }
static void tcpeek_init_pcap(void) { char *ifname, errmsg[PCAP_ERRBUF_SIZE], expression[] = "tcp or icmp"; struct bpf_program bpf; if(strisempty(g.option.ifname)) { ifname = pcap_lookupdev(errmsg); if(!ifname) { error_abort("%s", errmsg); } strncpy(g.option.ifname, ifname, sizeof(g.option.ifname) - 1); } g.pcap.pcap = pcap_create(g.option.ifname, errmsg); if(!g.pcap.pcap) { error_abort("%s", errmsg); } if(pcap_set_buffer_size(g.pcap.pcap, g.option.buffer * 1024 * 1024) != 0) { error_abort("%s", "can not set buffer size"); } if(pcap_set_snaplen(g.pcap.pcap, DEFAULT_PCAP_SNAPLEN) != 0) { error_abort("%s", "can not set snaplen"); } if(pcap_set_promisc(g.pcap.pcap, g.option.promisc) != 0) { error_abort("%s", "can not set promiscuous mode"); } if(pcap_set_timeout(g.pcap.pcap, 1) != 0) { error_abort("%s", "can not set timeout"); } if(pcap_activate(g.pcap.pcap) != 0) { error_abort("%s", pcap_geterr(g.pcap.pcap)); } if(pcap_compile(g.pcap.pcap, &bpf, expression, 0, 0) == -1) { error_abort("%s '%s'", pcap_geterr(g.pcap.pcap), expression); } if(pcap_setfilter(g.pcap.pcap, &bpf) == -1){ error_abort("%s", pcap_geterr(g.pcap.pcap)); } pcap_freecode(&bpf); g.pcap.snapshot = pcap_snapshot(g.pcap.pcap); g.pcap.datalink = pcap_datalink(g.pcap.pcap); if(g.pcap.datalink != DLT_EN10MB && g.pcap.datalink != DLT_LINUX_SLL) { error_abort("not support datalink %s (%s)", pcap_datalink_val_to_name(g.pcap.datalink), pcap_datalink_val_to_description(g.pcap.datalink) ); } }
pcap_t * reader_libpcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf) { pcap_t *p; int status; p = pcap_create(source, errbuf); if (p == NULL) return (NULL); status = pcap_set_snaplen(p, snaplen); if (status < 0) goto fail; status = pcap_set_promisc(p, promisc); if (status < 0) goto fail; status = pcap_set_timeout(p, to_ms); if (status < 0) goto fail; status = pcap_set_buffer_size(p, config.pcapBufferSize); if (status < 0) goto fail; status = pcap_activate(p); if (status < 0) goto fail; status = pcap_setnonblock(p, TRUE, errbuf); if (status < 0) { pcap_close(p); return (NULL); } return (p); fail: if (status == PCAP_ERROR) snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, pcap_geterr(p)); else if (status == PCAP_ERROR_NO_SUCH_DEVICE || status == PCAP_ERROR_PERM_DENIED) snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, pcap_statustostr(status), pcap_geterr(p)); else snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, pcap_statustostr(status)); pcap_close(p); return (NULL); }
static PyObject *ppcap_set_promisc(ppcap *self, PyObject *args) { int promisc; int retval; if (!PyArg_ParseTuple(args, "i", &promisc)) return NULL; if (!ppcap_isset_handle(self->handle)) { PyErr_SetString(PyExc_Ppcap, "pcap handle is not created"); return NULL; } retval = pcap_set_promisc(self->handle, promisc); if (retval == PCAP_ERROR_ACTIVATED) { PyErr_Format(PyExc_Ppcap, "%s", pcap_geterr(self->handle)); return NULL; } Py_RETURN_NONE; }
//------------------------------------------------------------------------------ static pcap_t* startPcap(void) { pcap_t* pPcapInst = NULL; char errorMessage[PCAP_ERRBUF_SIZE]; // Create a pcap live capture handle pPcapInst = pcap_create(edrvInstance_l.initParam.pDevName, errorMessage); if (pPcapInst == NULL) { DEBUG_LVL_ERROR_TRACE("%s() Error!! Can't open pcap: %s\n", __func__, errorMessage); } // Set snapshot length for a not-yet-activated capture handle if (pcap_set_snaplen(pPcapInst, 65535) < 0) { DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP snap length\n", __func__); } // Set promiscuous mode for a not-yet-activated capture handle if (pcap_set_promisc(pPcapInst, 1) < 0) { DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP promiscuous mode\n", __func__); } // Pcap immediate mode only supported by libpcap >=1.5.0 #ifdef PCAP_ERROR_TSTAMP_PRECISION_NOTSUP // Set immediate mode for a not-yet-activated capture handle if (pcap_set_immediate_mode(pPcapInst, 1) < 0) { DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP immediate mode\n", __func__); } #endif // Activate the pcap capture handle with the previous parameters if (pcap_activate(pPcapInst) < 0) { DEBUG_LVL_ERROR_TRACE("%s() couldn't activate PCAP\n", __func__); } return pPcapInst; }
bool PcapActivity::openLive() { Poco::Buffer<char> errBuff(PCAP_ERRBUF_SIZE); _pcap = pcap_create(_device.c_str(), errBuff.begin()); if (_pcap == nullptr) { _logger.warning("Couldn't open device %s: %s", _device, std::string(errBuff.begin())); return false; } int status = pcap_set_snaplen(_pcap, 1500); if (status < 0) { _logger.warning("Can't set pcap snaplen: %s", std::string(pcap_strerror(status))); } status = pcap_set_promisc(_pcap, 1); if (status < 0) { _logger.warning("Can't set pcap promiscuous mode: %s", std::string(pcap_strerror(status))); } status = pcap_set_timeout(_pcap, 2500); if (status < 0) { _logger.warning("Can't set pcap timeout: %s", std::string(pcap_strerror(status))); } #ifdef POCO_OS_FAMILY_UNIX status = pcap_set_buffer_size(_pcap, 2097152); //2MB #else status = pcap_setbuff(_pcap, 2097152); //2MB #endif if (status < 0) { _logger.warning("Can't set pcap buffer size: %s", std::string(pcap_strerror(status))); } status = pcap_activate(_pcap); if (status < 0) { _logger.warning("Couldn't activate device %s: %s", _device, std::string(pcap_strerror(status))); return false; } return true; }
void pcaplistener::initInterface() { char errbuf[PCAP_ERRBUF_SIZE]; if(pcap_lookupnet(listenInterface.c_str(), &net, &mask, errbuf)) { fprintf(stderr, "Failed to look up netmask: %s", errbuf); exit(0); } if(!(pcap = pcap_create(listenInterface.c_str(), errbuf))) { fprintf(stderr, "Failed to create interface source: %s", errbuf); exit(0); } if(pcap_set_snaplen(pcap, SNAPLEN)) { fprintf(stderr, "Failed to set pcap snapshot length: %s", errbuf); exit(0); } if(pcap_set_promisc(pcap, 1)) { fprintf(stderr, "Failed to set interface to promiscuous mode: %s", errbuf); exit(0); } if(pcap_set_timeout(pcap, READ_TIMEOUT_MS)) { fprintf(stderr, "Failed to set pcap timeout: %s", errbuf); exit(0); } if(pcap_activate(pcap)) { fprintf(stderr, "Failed to activate pcap: %s", errbuf); exit(0); } fexpr = "(host 0.0.0.1)"; }
static int input_pcap_interface_open(struct input *i) { struct input_pcap_priv *p = i->priv; char errbuf[PCAP_ERRBUF_SIZE + 1] = { 0 }; char *interface = PTYPE_STRING_GETVAL(p->tpriv.iface.p_interface); p->p = pcap_create(interface, errbuf); if (!p->p) { pomlog(POMLOG_ERR "Error opening interface %s : %s", interface, errbuf); return POM_ERR; } char *promisc = PTYPE_BOOL_GETVAL(p->tpriv.iface.p_promisc); int err = pcap_set_promisc(p->p, *promisc); if (err) pomlog(POMLOG_WARN "Error while setting promisc mode : %s", pcap_statustostr(err)); uint32_t buff_size = *PTYPE_UINT32_GETVAL(p->tpriv.iface.p_buff_size); err = pcap_set_buffer_size(p->p, buff_size); if (err) pomlog(POMLOG_WARN "Error while setting the pcap buffer size : %s", pcap_statustostr(err)); err = pcap_activate(p->p); if (err < 0) { pomlog(POMLOG_ERR "Error while activating pcap : %s", pcap_statustostr(err)); return POM_ERR; } else if (err > 0) { pomlog(POMLOG_WARN "Warning while activating pcap : %s", pcap_statustostr(err)); } return input_pcap_common_open(i); }
int main(int argc, char **argv) { register int op; register char *cp, *device; int dorfmon, dopromisc, snaplen, useactivate, bufsize; char ebuf[PCAP_ERRBUF_SIZE]; pcap_t *pd; int status = 0; device = NULL; dorfmon = 0; dopromisc = 0; snaplen = MAXIMUM_SNAPLEN; bufsize = 0; useactivate = 0; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; else program_name = argv[0]; opterr = 0; while ((op = getopt(argc, argv, "i:Ips:aB:")) != -1) { switch (op) { case 'i': device = optarg; break; case 'I': dorfmon = 1; useactivate = 1; /* required for rfmon */ break; case 'p': dopromisc = 1; break; case 's': { char *end; snaplen = strtol(optarg, &end, 0); if (optarg == end || *end != '\0' || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) error("invalid snaplen %s", optarg); else if (snaplen == 0) snaplen = MAXIMUM_SNAPLEN; break; } case 'B': bufsize = atoi(optarg)*1024; if (bufsize <= 0) error("invalid packet buffer size %s", optarg); useactivate = 1; /* required for bufsize */ break; case 'a': useactivate = 1; break; default: usage(); /* NOTREACHED */ } } if (useactivate) { pd = pcap_create(device, ebuf); if (pd == NULL) error("%s", ebuf); status = pcap_set_snaplen(pd, snaplen); if (status != 0) error("%s: pcap_set_snaplen failed: %s", device, pcap_statustostr(status)); if (dopromisc) { status = pcap_set_promisc(pd, 1); if (status != 0) error("%s: pcap_set_promisc failed: %s", device, pcap_statustostr(status)); } if (dorfmon) { status = pcap_set_rfmon(pd, 1); if (status != 0) error("%s: pcap_set_rfmon failed: %s", device, pcap_statustostr(status)); } status = pcap_set_timeout(pd, 1000); if (status != 0) error("%s: pcap_set_timeout failed: %s", device, pcap_statustostr(status)); if (bufsize != 0) { status = pcap_set_buffer_size(pd, bufsize); if (status != 0) error("%s: pcap_set_buffer_size failed: %s", device, pcap_statustostr(status)); } status = pcap_activate(pd); if (status < 0) { /* * pcap_activate() failed. */ error("%s: %s\n(%s)", device, pcap_statustostr(status), pcap_geterr(pd)); } else if (status > 0) { /* * pcap_activate() succeeded, but it's warning us * of a problem it had. */ warning("%s: %s\n(%s)", device, pcap_statustostr(status), pcap_geterr(pd)); } } else { *ebuf = '\0'; pd = pcap_open_live(device, 65535, 0, 1000, ebuf); if (pd == NULL) error("%s", ebuf); else if (*ebuf) warning("%s", ebuf); } pcap_close(pd); exit(status < 0 ? 1 : 0); }
int vpi_pcap_interface_create(vpi_interface_t** vi, char* args[], int flags, const char* vpi_name_ptr) { vpi_interface_pcap_t* nvi = aim_zmalloc(sizeof(*nvi)); char** arg = args; char errbuf[PCAP_ERRBUF_SIZE]; AIM_REFERENCE(flags); if(nvi == NULL) { VPI_MERROR("interface allocation failed for %s.", vpi_name_ptr); return -1; } /* * Point our log_string to our name so we can use it immediately * in log messages. */ nvi->log_string = vpi_name_ptr; /* * The first argument is the type -- skip for now */ arg++; /* * next arg - interface name. */ if((nvi->pcap = pcap_create(*arg, errbuf)) == NULL) { VPI_ERROR(nvi, "pcap_create(%s) failed: %s\n", *arg, errbuf); aim_free(nvi); return -1; } if(pcap_set_promisc(nvi->pcap, 1) != 0) { VPI_WARN(nvi, "pcap_set_promisc() failed."); } if (pcap_activate(nvi->pcap) != 0) { VPI_ERROR(nvi, "pcap_activate() failed: %s", pcap_geterr(nvi->pcap)); pcap_close(nvi->pcap); aim_free(nvi); return -1; } nvi->fd = pcap_get_selectable_fd(nvi->pcap); if(nvi->fd < 0) { VPI_WARN(nvi, "pcap_get_selectable_fd() returned %d", nvi->fd); } nvi->interface.send = vpi_pcap_interface_send; nvi->interface.recv = vpi_pcap_interface_recv; nvi->interface.recv_ready = vpi_pcap_interface_recv_ready; nvi->interface.destroy = vpi_pcap_interface_destroy; nvi->interface.descriptor = vpi_pcap_interface_descriptor; *vi = (vpi_interface_t*)nvi; return 0; }
struct if_pcap_host_context * if_pcap_create_handle(const char *ifname, unsigned int isfile, if_pcap_handler handler, void *handlerarg) { struct if_pcap_host_context *ctx; int dlt; ctx = calloc(1, sizeof(*ctx)); if (NULL == ctx) goto fail; ctx->isfile = isfile; ctx->pkthandler = handler; ctx->pkthandlerarg = handlerarg; if (ctx->isfile) { ctx->p = pcap_open_offline(ifname, ctx->errbuf); if (NULL == ctx->p) goto fail; } else { ctx->p = pcap_create(ifname, ctx->errbuf); if (NULL == ctx->p) goto fail; if (-1 == pcap_setdirection(ctx->p, PCAP_D_IN)) { printf("Could not restrict pcap capture to input on %s\n", ifname); goto fail; } pcap_set_timeout(ctx->p, 1); pcap_set_snaplen(ctx->p, 65535); pcap_set_promisc(ctx->p, 1); switch (pcap_activate(ctx->p)) { case 0: break; case PCAP_WARNING_PROMISC_NOTSUP: printf("Promiscuous mode not supported on %s: %s\n", ifname, pcap_geterr(ctx->p)); break; case PCAP_WARNING: printf("Warning while activating pcap capture on %s: %s\n", ifname, pcap_geterr(ctx->p)); break; case PCAP_ERROR_NO_SUCH_DEVICE: case PCAP_ERROR_PERM_DENIED: printf("Error activating pcap capture on %s: %s\n", ifname, pcap_geterr(ctx->p)); /* FALLTHOUGH */ default: goto fail; break; } dlt = pcap_datalink(ctx->p); if (DLT_EN10MB != dlt) { printf("Data link type on %s is %d, only %d supported\n", ifname, dlt, DLT_EN10MB); goto fail; } } return (ctx); fail: if (ctx) free(ctx); return (NULL); }
/** * Set up pcap listener for the given interfaces and protocols. * @return a properly configured pcap_t* object for listening for the given protocols - NULL on error * @see pcap_protocols */ pcap_t* create_pcap_listener(const char * dev ///<[in] Device name to listen on , gboolean blocking ///<[in] TRUE if this is a blocking connection , unsigned listenmask ///<[in] Bit mask of protocols to listen for ///< (see @ref pcap_protocols "list of valid bits") , struct bpf_program*prog) ///<[out] Compiled PCAP program { pcap_t* pcdescr = NULL; bpf_u_int32 maskp = 0; bpf_u_int32 netp = 0; char errbuf[PCAP_ERRBUF_SIZE]; char * expr = NULL; int filterlen = 1; unsigned j; int cnt=0; int rc; const char ORWORD [] = " or "; gboolean need_promisc = FALSE; BINDDEBUG(pcap_t); // setbuf(stdout, NULL); setvbuf(stdout, NULL, _IONBF, 0); errbuf[0] = '\0'; // Search the list of valid bits so we can construct the libpcap filter // for the given set of protocols on the fly... // On this pass we just compute the amount of memory we'll need... for (j = 0, cnt = 0; j < DIMOF(filterinfo); ++j) { if (listenmask & filterinfo[j].filterbit) { ++cnt; if (cnt > 1) { filterlen += sizeof(ORWORD); } filterlen += strlen(filterinfo[j].filter); } } if (filterlen < 2) { g_warning("Constructed filter is too short - invalid mask argument."); return NULL; } if (NULL == (expr = malloc(filterlen))) { g_error("Out of memory!"); return NULL; } // Same song, different verse... // This time around, we construct the filter expr[0] = '\0'; for (j = 0, cnt = 0; j < DIMOF(filterinfo); ++j) { if (listenmask & filterinfo[j].filterbit) { ++cnt; if (cnt > 1) { g_strlcat(expr, ORWORD, filterlen); } g_strlcat(expr, filterinfo[j].filter, filterlen); } } if (pcap_lookupnet(dev, &netp, &maskp, errbuf) != 0) { // This is not a problem for non-IPv4 protocols... // It just looks up the ipv4 address - which we mostly don't care about. g_info("%s.%d: pcap_lookupnet(\"%s\") failed: [%s]" , __FUNCTION__, __LINE__, dev, errbuf); } if (NULL == (pcdescr = pcap_create(dev, errbuf))) { g_warning("pcap_create failed: [%s]", errbuf); goto oopsie; } //pcap_set_promisc(pcdescr, FALSE); for (j = 0; j < DIMOF(filterinfo); ++j) { if (listenmask & filterinfo[j].filterbit) { const char * addrstring = filterinfo[j].mcastaddr; if (addrstring && !_enable_mcast_address(addrstring, dev, TRUE)) { need_promisc = TRUE; } } } pcap_set_promisc(pcdescr, need_promisc); #ifdef HAVE_PCAP_SET_RFMON pcap_set_rfmon(pcdescr, FALSE); #endif pcap_setdirection(pcdescr, PCAP_D_IN); // Weird bug - returns -3 and doesn't show an error message... // And pcap_getnonblock also returns -3... Neither should happen AFAIK... errbuf[0] = '\0'; if ((rc = pcap_setnonblock(pcdescr, !blocking, errbuf)) < 0 && errbuf[0] != '\0') { g_warning("pcap_setnonblock(%d) failed: [%s] [rc=%d]", !blocking, errbuf, rc); g_warning("Have no idea why this happens - current blocking state is: %d." , pcap_getnonblock(pcdescr, errbuf)); } pcap_set_snaplen(pcdescr, 1500); /// @todo deal with pcap_set_timeout() call here. if (blocking) { pcap_set_timeout(pcdescr, 240*1000); } else { pcap_set_timeout(pcdescr, 1); } //pcap_set_buffer_size(pcdescr, 1500); if (pcap_activate(pcdescr) != 0) { g_warning("pcap_activate failed: [%s]", pcap_geterr(pcdescr)); goto oopsie; } if (pcap_compile(pcdescr, prog, expr, FALSE, maskp) < 0) { g_warning("pcap_compile of [%s] failed: [%s]", expr, pcap_geterr(pcdescr)); goto oopsie; } if (pcap_setfilter(pcdescr, prog) < 0) { g_warning("pcap_setfilter on [%s] failed: [%s]", expr, pcap_geterr(pcdescr)); goto oopsie; } DEBUGMSG1("Compile of [%s] worked!", expr); free(expr); expr = NULL; return(pcdescr); oopsie: // Some kind of failure - free things up and return NULL g_warning("%s.%d: Could not set up PCAP on %s" , __FUNCTION__, __LINE__, dev); if (expr) { free(expr); expr = NULL; } if (pcdescr) { close_pcap_listener(pcdescr, dev, listenmask); pcdescr = NULL; } return NULL; }
int main(int argc, char** argv) { int ret = 0; int hadBadPacket = 0; int inum; int port; int saveFile = 0; int i = 0; int frame = ETHER_IF_FRAME_LEN; char err[PCAP_ERRBUF_SIZE]; char filter[32]; const char *server = NULL; struct bpf_program fp; pcap_if_t *d; pcap_addr_t *a; signal(SIGINT, sig_handler); #ifndef _WIN32 ssl_InitSniffer(); /* dll load on Windows */ #endif ssl_Trace("./tracefile.txt", err); if (argc == 1) { /* normal case, user chooses device and port */ if (pcap_findalldevs(&alldevs, err) == -1) err_sys("Error in pcap_findalldevs"); for (d = alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); } if (i == 0) err_sys("No interfaces found! Make sure pcap or WinPcap is" " installed correctly and you have sufficient permissions"); printf("Enter the interface number (1-%d): ", i); ret = scanf("%d", &inum); if (ret != 1) printf("scanf port failed\n"); if (inum < 1 || inum > i) err_sys("Interface number out of range"); /* Jump to the selected adapter */ for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++); pcap = pcap_create(d->name, err); if (pcap == NULL) printf("pcap_create failed %s\n", err); /* get an IPv4 address */ for (a = d->addresses; a; a = a->next) { switch(a->addr->sa_family) { case AF_INET: server = iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr); printf("server = %s\n", server); break; default: break; } } if (server == NULL) err_sys("Unable to get device IPv4 address"); ret = pcap_set_snaplen(pcap, 65536); if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap)); ret = pcap_set_timeout(pcap, 1000); if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap)); ret = pcap_set_buffer_size(pcap, 1000000); if (ret != 0) printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap)); ret = pcap_set_promisc(pcap, 1); if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap)); ret = pcap_activate(pcap); if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap)); printf("Enter the port to scan: "); ret = scanf("%d", &port); if (ret != 1) printf("scanf port failed\n"); SNPRINTF(filter, sizeof(filter), "tcp and port %d", port); ret = pcap_compile(pcap, &fp, filter, 0, 0); if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap)); ret = pcap_setfilter(pcap, &fp); if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap)); ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem", FILETYPE_PEM, NULL, err); if (ret != 0) { printf("Please run directly from sslSniffer/sslSnifferTest dir\n"); } #ifdef HAVE_SNI { char altName[128]; printf("Enter alternate SNI: "); ret = scanf("%s", altName); if (strnlen(altName, 128) > 0) { ret = ssl_SetNamedPrivateKey(altName, server, port, "../../certs/server-key.pem", FILETYPE_PEM, NULL, err); if (ret != 0) { printf("Please run directly from " "sslSniffer/sslSnifferTest dir\n"); } } } #endif } else if (argc >= 3) { saveFile = 1; pcap = pcap_open_offline(argv[1], err); if (pcap == NULL) { printf("pcap_open_offline failed %s\n", err); ret = -1; } else { const char* passwd = NULL; /* defaults for server and port */ port = 443; server = "127.0.0.1"; if (argc >= 4) server = argv[3]; if (argc >= 5) port = atoi(argv[4]); if (argc >= 6) passwd = argv[5]; ret = ssl_SetPrivateKey(server, port, argv[2], FILETYPE_PEM, passwd, err); } } else { /* usage error */ printf( "usage: ./snifftest or ./snifftest dump pemKey" " [server] [port] [password]\n"); exit(EXIT_FAILURE); } if (ret != 0) err_sys(err); if (pcap_datalink(pcap) == DLT_NULL) frame = NULL_IF_FRAME_LEN; while (1) { static int packetNumber = 0; struct pcap_pkthdr header; const unsigned char* packet = pcap_next(pcap, &header); packetNumber++; if (packet) { byte data[65535+16384]; /* may have a partial 16k record cached */ if (header.caplen > 40) { /* min ip(20) + min tcp(20) */ packet += frame; header.caplen -= frame; } else continue; ret = ssl_DecodePacket(packet, header.caplen, data, err); if (ret < 0) { printf("ssl_Decode ret = %d, %s\n", ret, err); hadBadPacket = 1; } if (ret > 0) { data[ret] = 0; printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data); } } else if (saveFile) break; /* we're done reading file */ } FreeAll(); return hadBadPacket ? EXIT_FAILURE : EXIT_SUCCESS; }
/** Open a PCAP handle abstraction * * This opens interfaces for capture or injection, or files/streams for reading/writing. * @param pcap created with fr_pcap_init. * @return 0 on success, -1 on error. */ int fr_pcap_open(fr_pcap_t *pcap) { switch (pcap->type) { case PCAP_INTERFACE_OUT: case PCAP_INTERFACE_IN: { #if defined(HAVE_PCAP_CREATE) && defined(HAVE_PCAP_ACTIVATE) pcap->handle = pcap_create(pcap->name, pcap->errbuf); if (!pcap->handle) { fr_strerror_printf("%s", pcap->errbuf); return -1; } if (pcap_set_snaplen(pcap->handle, SNAPLEN) != 0) { create_error: fr_strerror_printf("%s", pcap_geterr(pcap->handle)); pcap_close(pcap->handle); pcap->handle = NULL; return -1; } if (pcap_set_timeout(pcap->handle, PCAP_NONBLOCK_TIMEOUT) != 0) { goto create_error; } if (pcap_set_promisc(pcap->handle, pcap->promiscuous) != 0) { goto create_error; } if (pcap_set_buffer_size(pcap->handle, SNAPLEN * (pcap->buffer_pkts ? pcap->buffer_pkts : PCAP_BUFFER_DEFAULT)) != 0) { goto create_error; } if (pcap_activate(pcap->handle) != 0) { goto create_error; } #else /* * Alternative functions for libpcap < 1.0 */ pcap->handle = pcap_open_live(pcap->name, SNAPLEN, pcap->promiscuous, PCAP_NONBLOCK_TIMEOUT, pcap->errbuf); if (!pcap->handle) { fr_strerror_printf("%s", pcap->errbuf); return -1; } #endif /* * Despite accepting an errbuff, pcap_setnonblock doesn't seem to write * error message there in newer versions. */ if (pcap_setnonblock(pcap->handle, true, pcap->errbuf) != 0) { fr_strerror_printf("%s", *pcap->errbuf != '\0' ? pcap->errbuf : pcap_geterr(pcap->handle)); pcap_close(pcap->handle); pcap->handle = NULL; return -1; } pcap->fd = pcap_get_selectable_fd(pcap->handle); pcap->link_layer = pcap_datalink(pcap->handle); #ifndef __linux__ { int value = 1; if (ioctl(pcap->fd, BIOCIMMEDIATE, &value) < 0) { fr_strerror_printf("Failed setting BIOCIMMEDIATE: %s", fr_syserror(errno)); } } #endif } break; case PCAP_FILE_IN: pcap->handle = pcap_open_offline(pcap->name, pcap->errbuf); if (!pcap->handle) { fr_strerror_printf("%s", pcap->errbuf); return -1; } pcap->fd = pcap_get_selectable_fd(pcap->handle); pcap->link_layer = pcap_datalink(pcap->handle); break; case PCAP_FILE_OUT: if (pcap->link_layer < 0) { pcap->link_layer = DLT_EN10MB; } pcap->handle = pcap_open_dead(pcap->link_layer, SNAPLEN); if (!pcap->handle) { fr_strerror_printf("Unknown error occurred opening dead PCAP handle"); return -1; } pcap->dumper = pcap_dump_open(pcap->handle, pcap->name); if (!pcap->dumper) { fr_strerror_printf("%s", pcap_geterr(pcap->handle)); return -1; } break; #ifdef HAVE_PCAP_FOPEN_OFFLINE case PCAP_STDIO_IN: pcap->handle = pcap_fopen_offline(stdin, pcap->errbuf); if (!pcap->handle) { fr_strerror_printf("%s", pcap->errbuf); return -1; } pcap->fd = pcap_get_selectable_fd(pcap->handle); pcap->link_layer = pcap_datalink(pcap->handle); break; #else case PCAP_STDIO_IN: fr_strerror_printf("This version of libpcap does not support reading pcap data from streams"); return -1; #endif #ifdef HAVE_PCAP_DUMP_FOPEN case PCAP_STDIO_OUT: pcap->handle = pcap_open_dead(DLT_EN10MB, SNAPLEN); pcap->dumper = pcap_dump_fopen(pcap->handle, stdout); if (!pcap->dumper) { fr_strerror_printf("%s", pcap_geterr(pcap->handle)); return -1; } break; #else case PCAP_STDIO_OUT: fr_strerror_printf("This version of libpcap does not support writing pcap data to streams"); return -1; #endif case PCAP_INVALID: default: fr_assert(0); fr_strerror_printf("Bad handle type (%i)", pcap->type); return -1; } return 0; }
/** * main(int argc, char * const argv[]) * * program entry point */ int main(int argc, char * const argv[]) { struct config_s config; char errbuf[PCAP_ERRBUF_SIZE]; struct ifreq ifr; struct sockaddr_ll sa; int n, valid_mac; int fd = 0; int runcond=1; pcap_t *p; memset(&config, 0, sizeof(config)); config.vlan = 1; config.debuglevel = 0; config.cisco_port_low = config.cisco_port_high = 50505; config.do_check_addr = 1; fprintf(stderr,"IP SLA responder v2.0 (c) Aki Tuomi 2013-\r\n"); fprintf(stderr,"See LICENSE for more information\r\n"); if (argc == 2) { if (argv[1][0] != '-') { if (configure(argv[1], &config)) return -1; } else { fprintf(stderr,"Usage: %s [config file]\r\n\tDefaults to %s\r\n", argv[0], CONFIGFILE); return -1; } } else { if (configure(CONFIGFILE, &config)) return -1; } if (config.do_ip4) { if (config.do_check_addr) { char addr[200]; inet_ntop(AF_INET, &config.ip_addr, addr, 200); fprintf(stderr, "Listening on %s %s:%u-%u\n", config.ifname, addr, config.cisco_port_low, config.cisco_port_high); } else { fprintf(stderr, "Listening on %s 0.0.0.0:%u-%u\n", config.ifname, config.cisco_port_low, config.cisco_port_high); } } if (config.do_ip6) { char addr[200]; inet_ntop(AF_INET6, &config.ip6_addr, addr, 200); fprintf(stderr, "Listening on %s [%s]:%u-%u\n", config.ifname, addr, config.cisco_port_low, config.cisco_port_high); } // select first non-loopback if here if (strlen(config.ifname) == 0) { pcap_if_t *alldevsp, *devptr; if (pcap_findalldevs(&alldevsp, errbuf)) { fprintf(stderr, "pcap_findalldevs: %s\n", errbuf); return EXIT_FAILURE; } for(devptr = alldevsp; devptr != NULL; devptr = devptr->next) { if ((devptr->flags & PCAP_IF_LOOPBACK) == PCAP_IF_LOOPBACK) continue; // OK, this is our interface. break; } if (devptr == NULL) { fprintf(stderr, "cannot find suitable interface for operations\r\n"); return EXIT_FAILURE; } strncpy(config.ifname, devptr->name, sizeof(config.ifname)); pcap_freealldevs(alldevsp); } // create raw socket fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); // check for valid mac for(n = 0; n < ETH_ALEN; n++) { valid_mac = config.mac[n]; if (valid_mac > 0) break; } if (valid_mac == 0) { // need mac from our interface memset(&ifr,0,sizeof ifr); strncpy(ifr.ifr_name, config.ifname, IFNAMSIZ); ioctl(fd, SIOCGIFHWADDR, &ifr); memcpy(config.mac, ifr.ifr_hwaddr.sa_data, ETH_ALEN); } // get interface index for binding memset(&ifr,0,sizeof ifr); strncpy(ifr.ifr_name, config.ifname, IFNAMSIZ); ioctl(fd, SIOCGIFINDEX, &ifr); memset(&sa,0,sizeof sa); // bind our packet if to interface sa.sll_family = AF_PACKET; sa.sll_ifindex = ifr.ifr_ifindex; sa.sll_protocol = htons(ETH_P_ALL); bind(fd, (struct sockaddr*)&sa, sizeof sa); if (config.do_ip6) generate_ip6_values(&config); // initialize pcap p = pcap_create(ifr.ifr_name, errbuf); if (pcap_set_snaplen(p, 65535)) { pcap_perror(p, "pcap_set_snaplen"); exit(1); } if (pcap_set_promisc(p, 1)) { pcap_perror(p, "pcap_set_promisc"); exit(1); } // need to activate before setting datalink and filter pcap_activate(p); if (pcap_set_datalink(p, 1) != 0) { pcap_perror(p, "pcap_set_datalink"); exit(1); } // start doing hard work while(runcond) { struct pak_handler_s tmp; tmp.config = &config; tmp.fd = fd; switch(pcap_dispatch(p, 0, pak_handler, (u_char*)&tmp)) { case -1: // ERROR! pcap_perror(p, "pcap_dispatch"); case -2: // abort runcond = 0; } } pcap_close(p); return 0; }
void Sniffer::set_promisc_mode(bool promisc_enabled) { if (pcap_set_promisc(get_pcap_handle(), promisc_enabled)) { throw pcap_error(pcap_geterr(get_pcap_handle())); } }
int main(int argc, char **argv) { char *cp, *device; int op; int dorfmon, useactivate; char ebuf[PCAP_ERRBUF_SIZE]; char *infile; char *cmdbuf; pcap_t *pd; int status = 0; int pcap_fd; #if defined(USE_BPF) struct bpf_program bad_fcode; struct bpf_insn uninitialized[INSN_COUNT]; #elif defined(USE_SOCKET_FILTERS) struct sock_fprog bad_fcode; struct sock_filter uninitialized[INSN_COUNT]; #endif struct bpf_program fcode; device = NULL; dorfmon = 0; useactivate = 0; infile = NULL; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; else program_name = argv[0]; opterr = 0; while ((op = getopt(argc, argv, "aF:i:I")) != -1) { switch (op) { case 'a': useactivate = 1; break; case 'F': infile = optarg; break; case 'i': device = optarg; break; case 'I': dorfmon = 1; useactivate = 1; /* required for rfmon */ break; default: usage(); /* NOTREACHED */ } } if (device == NULL) { /* * No interface specified; get whatever pcap_lookupdev() * finds. */ device = pcap_lookupdev(ebuf); if (device == NULL) { error("couldn't find interface to use: %s", ebuf); } } if (infile != NULL) { /* * Filter specified with "-F" and a file containing * a filter. */ cmdbuf = read_infile(infile); } else { if (optind < argc) { /* * Filter specified with arguments on the * command line. */ cmdbuf = copy_argv(&argv[optind+1]); } else { /* * No filter specified; use an empty string, which * compiles to an "accept all" filter. */ cmdbuf = ""; } } if (useactivate) { pd = pcap_create(device, ebuf); if (pd == NULL) error("%s: pcap_create() failed: %s", device, ebuf); status = pcap_set_snaplen(pd, 65535); if (status != 0) error("%s: pcap_set_snaplen failed: %s", device, pcap_statustostr(status)); status = pcap_set_promisc(pd, 1); if (status != 0) error("%s: pcap_set_promisc failed: %s", device, pcap_statustostr(status)); if (dorfmon) { status = pcap_set_rfmon(pd, 1); if (status != 0) error("%s: pcap_set_rfmon failed: %s", device, pcap_statustostr(status)); } status = pcap_set_timeout(pd, 1000); if (status != 0) error("%s: pcap_set_timeout failed: %s", device, pcap_statustostr(status)); status = pcap_activate(pd); if (status < 0) { /* * pcap_activate() failed. */ error("%s: %s\n(%s)", device, pcap_statustostr(status), pcap_geterr(pd)); } else if (status > 0) { /* * pcap_activate() succeeded, but it's warning us * of a problem it had. */ warning("%s: %s\n(%s)", device, pcap_statustostr(status), pcap_geterr(pd)); } } else { *ebuf = '\0'; pd = pcap_open_live(device, 65535, 1, 1000, ebuf); if (pd == NULL) error("%s", ebuf); else if (*ebuf) warning("%s", ebuf); } pcap_fd = pcap_fileno(pd); /* * Try setting a filter with an uninitialized bpf_program * structure. This should cause valgrind to report a * problem. * * We don't check for errors, because it could get an * error due to a bad pointer or count. */ #if defined(USE_BPF) ioctl(pcap_fd, BIOCSETF, &bad_fcode); #elif defined(USE_SOCKET_FILTERS) setsockopt(pcap_fd, SOL_SOCKET, SO_ATTACH_FILTER, &bad_fcode, sizeof(bad_fcode)); #endif /* * Try setting a filter with an initialized bpf_program * structure that points to an uninitialized program. * That should also cause valgrind to report a problem. * * We don't check for errors, because it could get an * error due to a bad pointer or count. */ #if defined(USE_BPF) bad_fcode.bf_len = INSN_COUNT; bad_fcode.bf_insns = uninitialized; ioctl(pcap_fd, BIOCSETF, &bad_fcode); #elif defined(USE_SOCKET_FILTERS) bad_fcode.len = INSN_COUNT; bad_fcode.filter = uninitialized; setsockopt(pcap_fd, SOL_SOCKET, SO_ATTACH_FILTER, &bad_fcode, sizeof(bad_fcode)); #endif /* * Now compile a filter and set the filter with that. * That should *not* cause valgrind to report a * problem. */ if (pcap_compile(pd, &fcode, cmdbuf, 1, 0) < 0) error("can't compile filter: %s", pcap_geterr(pd)); if (pcap_setfilter(pd, &fcode) < 0) error("can't set filter: %s", pcap_geterr(pd)); pcap_close(pd); exit(status < 0 ? 1 : 0); }
/** * \brief Init function for ReceivePcap. * * This is a setup function for recieving packets * via libpcap. There are two versions of this function * depending on the major version of libpcap used. * For versions prior to 1.x we use open_pcap_live, * for versions 1.x and greater we use pcap_create + pcap_activate. * * \param tv pointer to ThreadVars * \param initdata pointer to the interface passed from the user * \param data pointer gets populated with PcapThreadVars * * \todo Create a general pcap setup function. */ TmEcode ReceivePcapThreadInit(ThreadVars *tv, const void *initdata, void **data) { SCEnter(); PcapIfaceConfig *pcapconfig = (PcapIfaceConfig *)initdata; if (initdata == NULL) { SCLogError(SC_ERR_INVALID_ARGUMENT, "initdata == NULL"); SCReturnInt(TM_ECODE_FAILED); } PcapThreadVars *ptv = SCMalloc(sizeof(PcapThreadVars)); if (unlikely(ptv == NULL)) { pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); } memset(ptv, 0, sizeof(PcapThreadVars)); ptv->tv = tv; ptv->livedev = LiveGetDevice(pcapconfig->iface); if (ptv->livedev == NULL) { SCLogError(SC_ERR_INVALID_VALUE, "Unable to find Live device"); SCFree(ptv); SCReturnInt(TM_ECODE_FAILED); } SCLogInfo("using interface %s", (char *)pcapconfig->iface); if (LiveGetOffload() == 0) { (void)GetIfaceOffloading((char *)pcapconfig->iface, 1, 1); } else { DisableIfaceOffloading(ptv->livedev, 1, 1); } ptv->checksum_mode = pcapconfig->checksum_mode; if (ptv->checksum_mode == CHECKSUM_VALIDATION_AUTO) { SCLogInfo("Running in 'auto' checksum mode. Detection of interface state will require " xstr(CHECKSUM_SAMPLE_COUNT) " packets."); } /* XXX create a general pcap setup function */ char errbuf[PCAP_ERRBUF_SIZE]; ptv->pcap_handle = pcap_create((char *)pcapconfig->iface, errbuf); if (ptv->pcap_handle == NULL) { if (strlen(errbuf)) { SCLogError(SC_ERR_PCAP_CREATE, "Couldn't create a new pcap handler for %s, error %s", (char *)pcapconfig->iface, errbuf); } else { SCLogError(SC_ERR_PCAP_CREATE, "Couldn't create a new pcap handler for %s", (char *)pcapconfig->iface); } SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); } if (pcapconfig->snaplen == 0) { /* We set snaplen if we can get the MTU */ ptv->pcap_snaplen = GetIfaceMaxPacketSize(pcapconfig->iface); } else { ptv->pcap_snaplen = pcapconfig->snaplen; } if (ptv->pcap_snaplen > 0) { /* set Snaplen. Must be called before pcap_activate */ int pcap_set_snaplen_r = pcap_set_snaplen(ptv->pcap_handle, ptv->pcap_snaplen); if (pcap_set_snaplen_r != 0) { SCLogError(SC_ERR_PCAP_SET_SNAPLEN, "Couldn't set snaplen, error: %s", pcap_geterr(ptv->pcap_handle)); SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); } SCLogInfo("Set snaplen to %d for '%s'", ptv->pcap_snaplen, pcapconfig->iface); } /* set Promisc, and Timeout. Must be called before pcap_activate */ int pcap_set_promisc_r = pcap_set_promisc(ptv->pcap_handle, pcapconfig->promisc); //printf("ReceivePcapThreadInit: pcap_set_promisc(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_promisc_r); if (pcap_set_promisc_r != 0) { SCLogError(SC_ERR_PCAP_SET_PROMISC, "Couldn't set promisc mode, error %s", pcap_geterr(ptv->pcap_handle)); SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); } int pcap_set_timeout_r = pcap_set_timeout(ptv->pcap_handle,LIBPCAP_COPYWAIT); //printf("ReceivePcapThreadInit: pcap_set_timeout(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_timeout_r); if (pcap_set_timeout_r != 0) { SCLogError(SC_ERR_PCAP_SET_TIMEOUT, "Problems setting timeout, error %s", pcap_geterr(ptv->pcap_handle)); SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); } #ifdef HAVE_PCAP_SET_BUFF ptv->pcap_buffer_size = pcapconfig->buffer_size; if (ptv->pcap_buffer_size >= 0 && ptv->pcap_buffer_size <= INT_MAX) { if (ptv->pcap_buffer_size > 0) SCLogInfo("Going to use pcap buffer size of %" PRId32 "", ptv->pcap_buffer_size); int pcap_set_buffer_size_r = pcap_set_buffer_size(ptv->pcap_handle,ptv->pcap_buffer_size); //printf("ReceivePcapThreadInit: pcap_set_timeout(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_buffer_size_r); if (pcap_set_buffer_size_r != 0) { SCLogError(SC_ERR_PCAP_SET_BUFF_SIZE, "Problems setting pcap buffer size, error %s", pcap_geterr(ptv->pcap_handle)); SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); } } #endif /* HAVE_PCAP_SET_BUFF */ /* activate the handle */ int pcap_activate_r = pcap_activate(ptv->pcap_handle); //printf("ReceivePcapThreadInit: pcap_activate(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_activate_r); if (pcap_activate_r != 0) { SCLogError(SC_ERR_PCAP_ACTIVATE_HANDLE, "Couldn't activate the pcap handler, error %s", pcap_geterr(ptv->pcap_handle)); SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); SCReturnInt(TM_ECODE_FAILED); } else { ptv->pcap_state = PCAP_STATE_UP; } /* set bpf filter if we have one */ if (pcapconfig->bpf_filter) { SCMutexLock(&pcap_bpf_compile_lock); ptv->bpf_filter = pcapconfig->bpf_filter; if (pcap_compile(ptv->pcap_handle,&ptv->filter,(char *)ptv->bpf_filter,1,0) < 0) { SCLogError(SC_ERR_BPF, "bpf compilation error %s", pcap_geterr(ptv->pcap_handle)); SCMutexUnlock(&pcap_bpf_compile_lock); SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); return TM_ECODE_FAILED; } if (pcap_setfilter(ptv->pcap_handle,&ptv->filter) < 0) { SCLogError(SC_ERR_BPF, "could not set bpf filter %s", pcap_geterr(ptv->pcap_handle)); SCMutexUnlock(&pcap_bpf_compile_lock); SCFree(ptv); pcapconfig->DerefFunc(pcapconfig); return TM_ECODE_FAILED; } SCMutexUnlock(&pcap_bpf_compile_lock); } /* no offloading supported at all */ (void)GetIfaceOffloading(pcapconfig->iface, 1, 1); ptv->datalink = pcap_datalink(ptv->pcap_handle); pcapconfig->DerefFunc(pcapconfig); ptv->capture_kernel_packets = StatsRegisterCounter("capture.kernel_packets", ptv->tv); ptv->capture_kernel_drops = StatsRegisterCounter("capture.kernel_drops", ptv->tv); ptv->capture_kernel_ifdrops = StatsRegisterCounter("capture.kernel_ifdrops", ptv->tv); *data = (void *)ptv; SCReturnInt(TM_ECODE_OK); }
static ERL_NIF_TERM nif_pcap_open_live(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) { ErlNifBinary device = {0}; int snaplen = 0; int promisc = 0; int to_ms = 0; int buffer_size = 0; int rfmon = 0; char errbuf[PCAP_ERRBUF_SIZE] = {0}; EWPCAP_STATE *ep = NULL; ERL_NIF_TERM res = {0}; ERL_NIF_TERM ref = {0}; if (!enif_inspect_iolist_as_binary(env, argv[0], &device)) return enif_make_badarg(env); if (!enif_get_int(env, argv[1], &snaplen)) return enif_make_badarg(env); if (!enif_get_int(env, argv[2], &promisc)) return enif_make_badarg(env); if (!enif_get_int(env, argv[3], &to_ms)) return enif_make_badarg(env); if (!enif_get_int(env, argv[4], &buffer_size)) return enif_make_badarg(env); if (!enif_get_int(env, argv[5], &rfmon)) return enif_make_badarg(env); /* NULL terminate the device name */ if (device.size > 0) { if (!enif_realloc_binary(&device, device.size+1)) return enif_make_tuple2(env, atom_error, atom_enomem); device.data[device.size-1] = '\0'; } ep = enif_alloc_resource(EWPCAP_RESOURCE, sizeof(EWPCAP_STATE)); if (ep == NULL) return enif_make_tuple2(env, atom_error, atom_enomem); /* "any" is a Linux only virtual dev */ ep->p = pcap_create((device.size == 0 ? "any" : (char *)device.data), errbuf); if (ep->p == NULL) return enif_make_tuple2(env, atom_error, enif_make_string(env, errbuf, ERL_NIF_LATIN1)); /* Set the snaplen */ (void)pcap_set_snaplen(ep->p, snaplen); /* Set promiscuous mode */ (void)pcap_set_promisc(ep->p, promisc); /* Set timeout */ (void)pcap_set_timeout(ep->p, to_ms); /* Set buffer size */ if (buffer_size > 0) (void)pcap_set_buffer_size(ep->p, buffer_size); /* Set monitor mode */ if (pcap_can_set_rfmon(ep->p) == 1) (void)pcap_set_rfmon(ep->p, rfmon); /* Return failure on error and warnings */ if (pcap_activate(ep->p) != 0) { pcap_close(ep->p); return enif_make_tuple2(env, atom_error, enif_make_string(env, pcap_geterr(ep->p), ERL_NIF_LATIN1)); } ep->datalink = pcap_datalink(ep->p); (void)enif_self(env, &ep->pid); ep->term_env = enif_alloc_env(); if (ep->term_env == NULL) { pcap_close(ep->p); return enif_make_tuple2(env, atom_error, atom_enomem); } ep->ref = enif_make_ref(ep->term_env); ref = enif_make_copy(env, ep->ref); res = enif_make_resource(env, ep); enif_release_resource(ep); return enif_make_tuple2(env, atom_ok, enif_make_tuple3(env, atom_ewpcap_resource, ref, res)); }