<a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump()</a> is non-blocking: it starts the dump and returns immediately. The dump process then goes on asynchronously until the maximum file size or the maximum number of packets has been reached.<p>The application can wait for, or check, the end of the dump with <a class="el" href="group__wpcapfunc.html#gfe8a334f3a7ae2dc7f52e96523da39be">pcap_live_dump_ended()</a>. <b>Beware</b> that if the <em>sync</em> parameter is nonzero and the limits are both 0, this function will block your application forever.<p><div class="fragment"><pre class="fragment"><span class="comment">/*</span>
<span class="comment"> * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)</span>
<span class="comment"> * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)</span>
<span class="comment"> * All rights reserved.</span>
<span class="comment"> *</span>
<span class="comment"> * Redistribution and use in source and binary forms, with or without</span>
<span class="comment"> * modification, are permitted provided that the following conditions</span>
<span class="comment"> * are met:</span>
<span class="comment"> *</span>
<span class="comment"> * 1. Redistributions of source code must retain the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer.</span>
<span class="comment"> * 2. Redistributions in binary form must reproduce the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer in the</span>
<span class="comment"> * documentation and/or other materials provided with the distribution.</span>
<span class="comment"> * 3. Neither the name of the Politecnico di Torino, CACE Technologies </span>
<span class="comment"> * nor the names of its contributors may be used to endorse or promote </span>
<span class="comment"> * products derived from this software without specific prior written </span>
<span class="comment"> * permission.</span>
<span class="comment"> *</span>
<span class="comment"> * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS</span>
<span class="comment"> * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR</span>
<span class="comment"> * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT</span>
<span class="comment"> * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,</span>
<span class="comment"> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,</span>
<span class="comment"> * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY</span>
<span class="comment"> * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT</span>
<span class="comment"> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE</span>
<span class="comment"> * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span>
<span class="comment"> *</span>
<span class="comment"> */</span>

<span class="preprocessor">#include &lt;stdlib.h&gt;</span>
<span class="preprocessor">#include &lt;stdio.h&gt;</span>

<span class="preprocessor">#include &lt;pcap.h&gt;</span>

<span class="preprocessor">#error At the moment the kernel dump feature is not supported in the driver</span>
<span class="preprocessor"></span>
<span class="keywordtype">int</span> main(<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv)
{
    <a class="code" href="structpcap__if.html">pcap_if_t</a> *alldevs, *d;
    <a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7">pcap_t</a> *fp;
    u_int inum, i=0;
    <span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927">PCAP_ERRBUF_SIZE</a>];

    printf(<span class="stringliteral">"kdump: saves the network traffic to file using WinPcap kernel-level dump feature.\n"</span>);
    printf(<span class="stringliteral">"\t Usage: %s [adapter] | dump_file_name max_size max_packs\n"</span>, argv[0]);
    printf(<span class="stringliteral">"\t Where: max_size is the maximum size that the dump file will reach (0 means no limit)\n"</span>);
    printf(<span class="stringliteral">"\t Where: max_packs is the maximum number of packets that will be saved (0 means no limit)\n\n"</span>);

    <span class="comment">/* The dump file name and both limits are mandatory */</span>
    <span class="keywordflow">if</span>(argc < 4)
        <span class="keywordflow">return</span> -1;

    <span class="keywordflow">if</span>(argc < 5){
        <span class="comment">/* The user didn't provide a packet source: Retrieve the device list */</span>
        <span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#g7b128eaeef627b408f6a6e2a2f5eb45d">pcap_findalldevs</a>(&alldevs, errbuf) == -1)
        {
            fprintf(stderr,<span class="stringliteral">"Error in pcap_findalldevs: %s\n"</span>, errbuf);
            exit(1);
        }

        <span class="comment">/* Print the list */</span>
        <span class="keywordflow">for</span>(d=alldevs; d; d=d-><a class="code" href="structpcap__if.html#81508e6e4e41ca4235c8d6b51913c536">next</a>)
        {
            printf(<span class="stringliteral">"%u. %s"</span>, ++i, d-><a class="code" href="structpcap__if.html#5ac083a645d964373f022d03df4849c8">name</a>);
            <span class="keywordflow">if</span> (d-><a class="code" href="structpcap__if.html#8444d6e0dfe2bbab0b5e7b24308f1559">description</a>)
                printf(<span class="stringliteral">" (%s)\n"</span>, d-><a class="code" href="structpcap__if.html#8444d6e0dfe2bbab0b5e7b24308f1559">description</a>);
            <span class="keywordflow">else</span>
                printf(<span class="stringliteral">" (No description available)\n"</span>);
        }

        <span class="keywordflow">if</span>(i==0)
        {
            printf(<span class="stringliteral">"\nNo interfaces found! Make sure WinPcap is installed.\n"</span>);
            <span class="keywordflow">return</span> -1;
        }

        printf(<span class="stringliteral">"Enter the interface number (1-%u):"</span>,i);
        scanf(<span class="stringliteral">"%u"</span>, &inum);

        <span class="keywordflow">if</span>(inum < 1 || inum > i)
        {
            printf(<span class="stringliteral">"\nInterface number out of range.\n"</span>);
            <span class="comment">/* Free the device list */</span>
            <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1">pcap_freealldevs</a>(alldevs);
            <span class="keywordflow">return</span> -1;
        }

        <span class="comment">/* Jump to the selected adapter */</span>
        <span class="keywordflow">for</span>(d=alldevs, i=0; i< inum-1 ;d=d-><a class="code" href="structpcap__if.html#81508e6e4e41ca4235c8d6b51913c536">next</a>, i++);

        <span class="comment">/* Open the device */</span>
        <span class="keywordflow">if</span> ( (fp = <a class="code" href="group__wpcapfunc.html#gae6abe06e15c87b803f69773822beca8">pcap_open_live</a>(d-><a class="code" href="structpcap__if.html#5ac083a645d964373f022d03df4849c8">name</a>, 100, 1, 20, errbuf) ) == NULL)
        {
            fprintf(stderr,<span class="stringliteral">"\nError opening adapter\n"</span>);
            <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1">pcap_freealldevs</a>(alldevs);
            <span class="keywordflow">return</span> -1;
        }

        <span class="comment">/* Free the device list */</span>
        <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1">pcap_freealldevs</a>(alldevs);

        <span class="comment">/* Start the dump: argv[1] is the file name, argv[2] and argv[3] the limits */</span>
        <span class="keywordflow">if</span>(<a class="code" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump</a>(fp, argv[1], atoi(argv[2]), atoi(argv[3]))==-1){
            printf(<span class="stringliteral">"Unable to start the dump, %s\n"</span>, <a class="code" href="group__wpcapfunc.html#g81305cb154e4497e95bbb9b708631a3a">pcap_geterr</a>(fp));
            <span class="keywordflow">return</span> -1;
        }
    }
    <span class="keywordflow">else</span>{
        <span class="comment">/* Open the device */</span>
        <span class="keywordflow">if</span> ( (fp= <a class="code" href="group__wpcapfunc.html#gae6abe06e15c87b803f69773822beca8">pcap_open_live</a>(argv[1], 100, 1, 20, errbuf) ) == NULL)
        {
            fprintf(stderr,<span class="stringliteral">"\nError opening adapter\n"</span>);
            <span class="keywordflow">return</span> -1;
        }

        <span class="comment">/* Start the dump: argv[1] is the adapter, so the file name is argv[2] and the limits are argv[3] and argv[4] */</span>
        <span class="keywordflow">if</span>(<a class="code" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump</a>(fp, argv[2], atoi(argv[3]), atoi(argv[4]))==-1){
            printf(<span class="stringliteral">"Unable to start the dump, %s\n"</span>, <a class="code" href="group__wpcapfunc.html#g81305cb154e4497e95bbb9b708631a3a">pcap_geterr</a>(fp));
            <span class="keywordflow">return</span> -1;
        }
    }

    <span class="comment">/* Wait until the dump finishes, i.e. when max_size or max_packs is reached.</span>
<span class="comment">     * With sync set to TRUE this call never returns if both limits are 0. */</span>
    <a class="code" href="group__wpcapfunc.html#gfe8a334f3a7ae2dc7f52e96523da39be">pcap_live_dump_ended</a>(fp, TRUE);

    <span class="comment">/* Close the adapter, so that the file is correctly flushed */</span>
    <a class="code" href="group__wpcapfunc.html#ga45a5e1a4ba9925bb3586dcbeec78560">pcap_close</a>(fp);

    <span class="keywordflow">return</span> 0;
}
</pre></div><p>The difference between <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump()</a> and <a class="el" href="group__wpcapfunc.html#g659439bf5aa3988b5a92d31990fbf437">pcap_dump()</a>, apart from the possibility to set limits, is performance. <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump()</a> exploits the ability of the WinPcap NPF driver (see <a class="el" href="group__NPF.html">NPF driver internals manual</a>) to write dumps from kernel level, minimizing the number of context switches and memory copies.<p>Since this feature is currently not available on other operating systems, <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump()</a> is WinPcap-specific and is present only under Win32.<p><a class="el" href="group__wpcap__tut6.html"><<< Previous</a> <a class="el" href="group__wpcap__tut8.html">Next >>></a> <hr><p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2007 CACE Technologies. All rights reserved.</p>
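<p>Added example, not part of the WinPcap tutorial or its sources: the sample above converts max_size and max_packs with atoi(), which returns 0 for non-numeric text, and 0 means "no limit", so a mistyped argument silently requests an unbounded dump, and with both limits at 0 a blocking pcap_live_dump_ended() never returns. The helpers parse_limit() and choose_wait_mode() and the wait_mode enum are hypothetical names; the limits are assumed to be int, as the atoi() calls imply.</p>

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names for this example, not WinPcap API. */
enum wait_mode { WAIT_REJECT = -1, WAIT_POLL = 0, WAIT_BLOCK = 1 };

/* Strictly parse one limit: decimal digits only, range 0..INT_MAX.
 * Returns 0 on success, -1 on input that atoi() would have guessed at. */
int parse_limit(const char *text, int *out)
{
    char *end = NULL;
    long value;

    if (text == NULL || !isdigit((unsigned char)text[0]))
        return -1;                      /* empty, signed or non-numeric */
    errno = 0;
    value = strtol(text, &end, 10);
    if (errno == ERANGE || *end != '\0' || value > INT_MAX)
        return -1;                      /* overflow or trailing junk */
    *out = (int)value;
    return 0;
}

/* Decide how the caller may wait for the dump to end.
 * WAIT_BLOCK: at least one limit is set, so a nonzero sync will return.
 * WAIT_POLL:  both limits are 0, so only checking with sync == 0 is safe. */
enum wait_mode choose_wait_mode(const char *size_text, const char *packs_text,
                                int *max_size, int *max_packs)
{
    if (parse_limit(size_text, max_size) != 0 ||
        parse_limit(packs_text, max_packs) != 0)
        return WAIT_REJECT;
    return (*max_size == 0 && *max_packs == 0) ? WAIT_POLL : WAIT_BLOCK;
}

int main(void)
{
    /* Constructed sample arguments, as they would arrive in argv. */
    const char *samples[][2] = { {"1000000", "0"}, {"0", "0"}, {"10k", "5"} };
    int size = 0, packs = 0;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s %s -> %d\n", samples[i][0], samples[i][1],
               (int)choose_wait_mode(samples[i][0], samples[i][1], &size, &packs));
    return 0;
}
```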