In-depth analysis of Winpcap-obtain and release a list of network adapter devices (1)

Source: Internet
Author: User

This article from http://eslxf.blog.51cto.com/918801/198044

 

Generally, the first thing to write a Winpcap-based application is to obtain the list of connected network adapter devices. At the end of the program, ensure that the device list is released.

Figure 6-1 function call Relationship Diagram1.1 wpcap. the corresponding function interface wpcap exported by DLL. to obtain a list of connected network adapter devices, DLL provides the following functions: File/wpcap/Libpcap/pcap. in H, struct pcap_if; struct pcap_addr; int pcap_findalldevs (pcap_if_t ** alldevsp, char * errbuf); void pcap_freealldevs (pcap_if_t * alldevsp ); int struct (char * Source, struct pcap_rmtauth * auth, pcap_if_t ** alldevs, char * errbuf) in the wpcap/Libpcap/remote-ext.h file; 1.1.1 pcap_if struct function struct or pcap_fin Dalldevs returns a pcap_if_t linked list alldevs or alldevsp. Each pcap_if_t structure contains the details of an adapter. Members
Name and description indicate the name of an adapter and a more understandable description. The struct is defined as follows: typedef struct pcap_if pcap_if_t; struct pcap_if {/* if not null, it points to the next element of the linked list. If it is null, It is the tail of the linked list */struct pcap_if * Next;/* a string pointer to the pcap_open_live function that describes the device name */char * Name; /* if not null, it indicates a readable string */char * description of the device; /* a pointer to the first element of the interface address linked list */struct pcap_addr * addresses;/** pcap_if _ interface flag. Currently, the only possible flag is pcap_if_loopback. * If the interface is a loop, set this flag */bpf_u_int32 flags;}. The definition of the struct pcap_addr is described below. The structure pcap_addr indicates the interface address, which is defined as: typedef struct pcap_addr pcap_addr_t; struct pcap_addr {struct pcap_addr * Next;/* pointer to the next element */struct sockaddr * ADDR; /* IP Address */struct sockaddr * netmask;/* network mask */struct sockaddr * broadaddr;/* broadcast address */struct sockaddr * dstaddr; /* P2P Destination Address */}; 1.1.2 pcap_findalldevs_ex function. Generally, the first thing to write a Winpcap-based application is to obtain the list of connected network adapter devices. Winpcap provides the handler function to implement this function. The prototype of this function is: int pcap_findalldevs_ex (char * Source, struct pcap_rmtauth * auth, pcap_if_t ** alldevs, char * errbuf ); this function creates a list of network adapter devices that can be opened using the pcap_open function. This function is an extension of the old pcap_findalldevs function. pcap_findalldevs () is an outdated function that allows only network devices on the local machine to be listed. On the contrary, pcap_findalldevs_ex allows you to list network devices on a remote machine, and list available pcap files in a given folder. Because pcap_findalldevs_ex () depends on the standard pcap_findalldevs () to obtain the address of the local machine, it is platform independent. In case the function must list the devices on the remote machine, it opens a new control connection to the machine, obtains the network interface again, and terminates the connection. However, if the function detects that the remote computer is in "Active Mode", the connection will not be terminated and the existing braces are used. "Source" is a parameter that tells the function where to find the device, and it uses the same syntax as pcap_open function. The device name is different from the pcap_findalldevs function.
(Specified by alldevs-> name, other linked lists exist) have been considered for use in the pcap_open function. On the contrary, the output of the pcap_findalldevs function must be in the pcap_createsrcstr () format before the source parameter can be passed to the pcap_open function. The source parameter is a memory-type buffer. The "source location" is saved according to the new Winpcap syntax ". Check the source to find the adapter (local or remote) (for example, the source can be the local adapter "rpcap: //" or the remote adapter "rpcap: // host: Port ") or a pcap file (for example, the source can be "file: // C:/myfolder /"). This string should be carefully considered in advance to determine whether the source is a local/remote adapter or file. The meaning of these sources is defined in the new syntax (Source
Defined in specification syntax. The auth parameter is a pointer to the pcap_rmtauth struct. This pointer maintains the information required to authenticate the rpcap to connect to the remote host. This parameter is meaningless for local host requests. It can be set to null. The alldevs parameter is a pointer of the "pcap_if_t" struct type and is correctly allocated in this function. When the function returns successfully, the pointer is set to the first element pointing to the linked list of network devices. Each element of the linked list is of the "pcap_if_t" type. The errbuf parameter is a pointer to the user-assigned buffer (size: pcap_errbuf_size). If a function operation error occurs, the buffer stores this error message. If the function is successful, 0 is returned. If an error exists,-1 is returned. The "alldevs" variable returns the device list. When the function returns a correct result, "alldevs" cannot be null. That is to say, if the system does not have any interfaces, this function also returns-1. The "errbuf" variable returns an error message. An error may be caused by the following reasons: ø Winpcap is not installed on the local/remote host. the user does not have sufficient permissions to list these devices/files. ø a network failure. ø rpcap version negotiation failed (the rpcap version negotiation failed) other errors (such as insufficient memory or other problems) It is worth noting that by calling the pcap_findalldevs function, the network device may not be opened by the pcap_open function. For example, you may not have sufficient permissions to open them and capture them. If so, these devices will not appear in the device list. The device list obtained by this function must be manually released using the pcap_freealldevs function. 1.1.3 The pcap_findalldevs function pcap_findalldevs is an out-of-date function that only lists network devices on the local machine. The function is prototype: int pcap_findalldevs (pcap_if_t ** alldevsp, char * errbuf). The function obtains a list of all network devices that have been connected and can be opened. The list can be opened by the pcap_open_live function. The alldevsp parameter points to the first element in the list. Each element in the list is of the pcap_if_t type. If no network device is connected and can be opened, the linked list may be null. If the function fails,-1 is returned. errbuf stores the appropriate error information. If the function fails, 0 is returned. It is worth noting that calling the pcap_findalldevs function may cause the failure of the network device to be opened by the pcap_open_live function. For example, you may not have sufficient permissions to open them and capture them. If so, these devices will not appear in the device list. 1.1.4 The pcap_freealldevs function is released by calling the network adapter device linked list returned by the pcap_findalldevs_ex or pcap_findalldevs function. The prototype of this function is as follows: void pcap_freealldevs (pcap_if_t * alldevsp)

ST1/: * {behavior: URL (# ieooui )}

1.2 obtain and release the list of network adapters. The following code can be used to obtain the list of network adapters and displayed on the screen. If no adapter is found, an error message is printed. And release the device list at the end of the program. # Include "remote-ext.h" # include "pcap. H "Main () {pcap_if_t * alldevs; pcap_if_t * D; int I = 0; char errbuf [pcap_errbuf_size]; // obtain the list of local machine devices if (Response (pcap_src_if_string,
Null, & alldevs, errbuf) =-1) {// failed to get the device list. The program returns fprintf (stderr, "error in pcap_findalldevs_ex: % s/n", errbuf ); exit (1);} // print the device list for (D = alldevs; D! = NULL; D = D-> next) {printf ("% d. % s ", ++ I, d-> name); If (D-> description) printf (" (% s)/n ", D-> description ); else printf ("(no description available)/n");} if (I = 0) {// The device interface is not found. Check that Winpcap is installed, exit printf ("/Nno interfaces found! Make sure Winpcap is installed. /n "); return;} // The device list is no longer required. Release the pcap_freealldevs (alldevs);} First, The pcap_findalldevs_ex function is the same as other libpcap functions. ErrbufParameters. If an error occurs, this parameter will be written to the string type error message by Libpcap. Second, remember that not all operating systems support the Network Program interfaces provided by Libpcap. Therefore, if you want to write a portable application, you must consider under what circumstances, DescriptionIs null. In this case, the prompt "no description available" is printed ". Finally, remember to call the pcap_freealldevs () function to release the memory used by the device list. Run the program on a WINXP computer. The result is:
   1. /Device/NPF_{4E273621-5161-46C8-895A-48D0E52A0B83} (Realtek RTL8029(AS) Ethernet Adapter)
   2. /Device/NPF_{5D24AE04-C486-4A96-83FB-8B5EC6C7F430} (3Com EtherLink PCI) 
As you can see, the name of the network adapter on Windows is rather difficult to read. It can be seen that the explanatory description is very helpful.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.