代码如下libpcap驱动了tcpdump,和wireshark这类抓包工具.提供了高度灵活的包过滤语言. 据wikipedia,高性能的包过滤最早是在bsd上作为一个问题被解决,被称为bpf,在内核实现了一个解释器,进行包匹配,用户态提供一个字符设备, linux作为后来者,支持与bsd基本相同的packet filter,称为lpf,不同的是,linux是通过在一个raw socket来支持包过滤的,通过setsockopt来SO_...
Ok, let's begin by defining who this document is written for. Obviously, some basic knowledge of C is required, unless you only wish to know the basic theory. You do not need to be a code ninja; for the areas likely to be understood only by more experienced programmers, I'll be sur...
It sets the soname of the library tolibpcap.so.1; this is what it should be,NOTlibpcap.so.1.xorlibpcap.so.1.x.yor something such as that. We've been maintaining binary compatibility between libpcap releases for quite a while; there's no reason to tie a binary linked with libpcap ...
pcap_t * usb_create(const char *device, char *ebuf, int *is_ours) { const char *cp; char *cpend; long devnum; pcap_t *p; /* Does this look like a USB monitoring device? */ cp = device; /* Does it begin with USB_IFACE? */ ...
pcap_get_required_select_timeout.3pcap pcap_get_selectable_fd.3pcap pcap_get_tstamp_precision.3pcap.in pcap_geterr.3pcap pcap_init.3pcap pcap_inject.3pcap pcap_is_swapped.3pcap pcap_lib_version.3pcap pcap_list_datalinks.3pcap.in
The packet buffer timeout is required so that an application won't wait for the operating system's capture buffer to fill up before packets are delivered; if packets are arriving slowly, that wait could take an arbitrarily long period of time. ...
If this variable is not set, this behavior is enabled by default if CMAKE_MINIMUM_REQUIRED_VERSION is 3.1 or later, disabled otherwise. So we should either 1) require CMake 3.1 or later or 2) forcibly set PKG_CONFIG_USE_CMAKE_PREFIX_PATH to YES. For now, my inclination is to do th...
Implement pcap_lib_version(), as now required. Handle negative or too-large snaplen values. Fix various build issues and warnings. Building and testing: Update configure-time universal build checks for macOS. Update config.guess and config.sub. ...
dev = pcap_lookupdev(errbuf); if(dev == NULL) { printf("%s\n",errbuf); exit(1); } /* open device for reading */ descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf); if(descr == NULL) { printf("pcap_open_live(): %s\n",errbuf); exit(1); } ...
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.* * This code contributed by Sagun Shakya (sagun.shakya@sun.com) */ ...