inline static pcap_t* pcap_live_open_packet_device(struct pcap_if* pcap, int readTimeout) {
char errbuf[PCAP_ERRBUF_SIZE];
if (!pcap) {
return NULL;
}
pcap_t* device = pcap_open_live(
pcap->name, // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet
// will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS | // promiscuous mode
PCAP_OPENFLAG_NOCAPTURE_LOCAL | PCAP_OPENFLAG_MAX_RESPONSIVENESS,
readTimeout, // read timeout
errbuf); // error buffer
if (!device) {
return NULL;
}
/* Must is ethernet */
int datalink = pcap_datalink(device);
if (datalink != DLT_EN10MB && datalink != DLT_EN3MB) {
pcap_live_close_packet_device(device);
return NULL;
}
/* Only capture IN */
pcap_setdirection(device, PCAP_D_IN);
/* We want any responses back ASAP */
if (pcap_setmintocopy(device, 0)) {
pcap_live_close_packet_device(device);
return NULL;
}
bpf_u_int32 netmask = ETHERNET_MASK;
if (netmask == INADDR_ANY) {
netmask = INADDR_NONE;
}
char rules[8096];
sprintf(rules, "ether dst %02x:%02x:%02x:%02x:%02x:%02x or ether dst ff:ff:ff:ff:ff:ff",
ETHERNET_MAC.s_data[0],
ETHERNET_MAC.s_data[1],
ETHERNET_MAC.s_data[2],
ETHERNET_MAC.s_data[3],
ETHERNET_MAC.s_data[4],
ETHERNET_MAC.s_data[5]);
/* Compile the filter */
struct bpf_program fcode;
if (pcap_compile(device, &fcode, rules, 1, netmask)) {
pcap_live_close_packet_device(device);
return NULL;
}
/* Set the filter */
if (pcap_setfilter(device, &fcode)) {
pcap_live_close_packet_device(device);
return NULL;
}
return device;
}
版权声明:本文为liulilittle原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。