Learn LiBPCAP with me.
-------------------------------------------------- ------------------------------
Doggy 2002-05-24 14:09:09
2.3 error handling
Like other libraries, libpcap also has its own error handling mechanism.
Basically, each function has a return value, the return value is <0 when an error is wrong, and there is another function
Void PCAP_PERROR (PCAP_T *, CHAR *);
Char * PCAP_STRERROR (Int);
Char * PCAP_GETERR (PCAP_T *);
The top two and perror () stror () are the same, and the last one is very simple.
There is a member in PCAP_T to exist erroneous strings.
Struct PCAP {
...
CHAR ERRBUF [PCAP_ERRBUF_SIZE];
}
and so......
So we add error handling in the programs just now.
Add a function first
#include
Int err_quit (const char * fmt, ...)
{
VA_LIST AP;
VA_START (AP, FMT);
vfprintf (stderr, fmt, AP);
VA_END (AP);
EXIT (-1);
}
After the abnormality of each function, use the EBUF parameter before successfully establishing the capture handle PCAP_T * PD
Char * device = PCAP_LOOKUPDEV (EBUF);
IF (device == null)
Err_quit ("% s", ebuf);
After the handle PD
IF (PCAP_Compile (PD, & Fcode, NULL, 1, 0) <0)
Err_quit ("% s", PCAP_GETERR (PD));
Be careful not that each function is wrong to return <0
PCAP_DATALINK (PD) and PCAP_SNAPSHOT (PD), etc.
2.4 Preliminary study of parameters
When using each function in front, there is no specifically explaining the meaning of each function, and now discuss it.
PCAP_T * PCAP_OPEN_LIVE (Char * Device, Int Snaplen, Int Promisc,
Int to_ms, char * ebuf)
Device Specify the device, Snaplen specifies how many bytes, EBUF error message, said in front
PROMISC points out whether it is set to mixed mode (do not understand? I don't understand, the whole net listening to what safety)
TO_MS set timeout, unit MilliseConds
INT PCAP_LOOP (PCAP_T * P, INT CNT, PCAP_HANDLER CALLBACK, U_CHAR * USER)
CNT is the number of packets to be grasped, and PCAP_LOOP returns to the CNT package in normal time, return to the value when the exception is <0
User is the data to be incompatible, for example, we modify the above program.
File: // PCAP_LOOP (PD, 10, Printer, NULL);
PCAP_LOOP (PD, 10, Printer, (U_CHAR *) PD);
Add it in printer ()
PCAP_STAT STAT;
PCAP_STATS ((PCAP_T *) USER, & STAT);
Printf ("RECV% D, DROP% D.", stat.ps_recv, stat.ps_drop);
The output is output after compiling
166.111.168.0:255.255.252.0
10MB Ethernet
RECV 1, Drop 0.
RECV 2, Drop 0.
RECV 3, Drop 0.
RECV 4, Drop 0.
RECV 5, Drop 0.
RECV 6, Drop 0.
RECV 7, Drop 0.
RECV 8, Drop 0.
Recv 9, Drop 0.
RECV 10, Drop 0.Recv 10, Drop 0.
INT PCAP_COMPILE (PCAP_T * P, Struct BPF_PROGRAM * PROGRAM,
Char * buf, int Optimize, BPF_U_INT32 MASK)
This function is used to analyze the filter rule string BUF, fill in the BPF_Program structure.
Optimize is 1 to optimize the filtering rule
Netmask specified subnet mask
BUF's format is more complicated
INT PCAP_SETFILTER (PCAP_T * HANDLE, STRUCT BPF_PROGRAM * FILTER)
Setting the Filter constructed to the PCAP_COMPILE () to Handle
Today, here, have time to continue the day.
Good morning, I am good night:,)
Reprinted BBS Shuimu Tsinghua
