Libpcap programming 2 (Libpcap function library Introduction)

1) libpcap, full name: Packet Capture library, that is, the data packet capture function library.

 

2) libpcap applications:

1. Intrusion Detection System

2. Network debugging

3. packet capture and filtering

4. Network statistics software

5. network sniffer

 

3) Main functions in the libpcap library

/*************************************** ***************

* Function name: pcap_open_live

* Function: Get the description of the packet capture used to capture network packets.

* Parameter description:

* Device: the name of the network device that is enabled.

* Snaplen: Maximum number of bytes of captured data

* Promisc: whether to set network interfaces to the hybrid mode

* To_ms: Specifies the timeout time (in milliseconds)

* Ebuf: error message

* Return value:

* Success: Description of the packet capture

* Failed: NULL

**************************************** ***************/

Pcap_t * pcap_open_live (char * device, int snaplen, int promisc, int to_ms, char * ebuf)

 

 

 

/*************************************** ***************

* Function name: pcap_lookupdev

* Function: Query network devices in the current system.

* Parameter description:

 

* Ebuf: error message

* Return value:

* Success: pointer to the name of the network device

* Failed: NULL

**************************************** **************/

Char * pcap_lookupdev (char * errbuf)

 

 

 

 

/*************************************** ***************

* Function name: pcap_lookupnet

* Function: Obtain the IP address and mask of the network device.

* Parameter description:

* Device: network device name

* Netp: IP Address

* Maskp: mask

 

* Ebuf: error message

* Return value:

* Success: Non-1

* Failed:-1

**************************************** ***************/

Int pcap_lookupnet (char * device, bpf_u_int32 * netp, bpf_u_int32 * maskp, char * errbuf)

 

 

 

/*************************************** *****************

* Function name: pcap_complie

* Function: Compile the character string description conditions into the filter program.

* Parameter description:

* P: The description used to capture network packets obtained by calling the pcap_open_live function.

* FP: pointer to the bpf_program Structure

* STR: Specifies the string to be compiled into the filter program.

 

* Optimize: control result code optimization

* Netmask: Specifies the subnet mask of the local network.

* Return value:

* Success: 0

* Failed:-1

**************************************** *****************/

Int pcap_compile (pcap_t * P, struct bpf_program * FP, char * STR, int optimize, bpf_u_int32 netmask)

 

 

 

/*************************************** *******************

* Function name: pcap_setfilter

* Function: Apply the filter rule to the specified packet capture description.

* Parameter description:

* P: The description used to capture network packets obtained by calling the pcap_open_live function.

* FP: pointer to the bpf_program structure, obtained by calling the pcap_compile Function

 

 

* Return value:

* Success: 0

* Failed:-1

**************************************** ******************/

Int pcap_setfilter (pcap_t * P, struct bpf_program * FP)
 

 

 

/*************************************** ******************

* Function name: pcap_next

* Function: capture a single data packet

* Parameter description:

* P: The description used to capture network packets obtained by calling the pcap_open_live function.

* H: pointer to the p_cap_pkthdr Structure

 

 

* Return value:

 

 

* Success: the obtained network packet content

* Failed: NULL

**************************************** *****************/

U_char * pcap_next (pcap_t * P, struct pcap_pkthdr * H)

 

 

 

/*************************************** *******************

* Function name: pcap_dispatch

* Function: capture and process data packets

* Parameter description:

* P: The description used to capture network packets obtained by calling the pcap_open_live function.

* CNT: the maximum number of data packets processed before the function is called.

* Callback: Specifies a callback function with three parameters. After obtaining the data packet, this function is called to process the data packet.

* User: The parameter passed to the callback function.

 

 

* Return value:

* Successful: No data packet is obtained, and 0 is returned; otherwise, the number of data packets read is returned.

* Failed:-1

**************************************** ******************/

Int pcap_dispatch (pcap_t * P, int CNT, pcap_handler callback, u_char * User)

 

 

 

/*************************************** ********************

* Function name: pcap_loop

* Function: similar to pcap_dispatch, but pcap_loop does not return a value when the read times out. The function returns a value only after processing CNT packets or errors.

* Parameter description:

* P: The description used to capture network packets obtained by calling the pcap_open_live function.

* CNT: the maximum number of data packets processed before the function is called.

* Callback: Specifies a callback function with three parameters. After obtaining the data packet, this function is called to process the data packet.

* User: The parameter passed to the callback function.

* Return value:

* Successful: No data packet is obtained, and 0 is returned; otherwise, the number of data packets read is returned.

* Failed:-1

**************************************** ******************/

Int pcap_loop (pcap_t * P, int CNT, pcap_handler callback, u_char * User)