64,690
社区成员
发帖
与我相关
我的任务
分享使用libpcap生成pcap文件,但数据没有写入包的问题
想请教个libpcap方面的问题,问题描述如下:
使用pcap_open_offline打开输入pcap文件,然后使用pcap_dump_open创建输出pcap文件;循环读取输入文件,更改应用层的数据,再写入输出pcap文件;能成功生成的pcap输出文件,但数据却没有写入;请问是什么原因,请赐教!
#include<netinet/tcp.h>
#include<arpa/inet.h>
#include<libxml/xmlmemory.h>
#include<libxml/parser.h>
#include<string.h>
#include<time.h>
#define MAXBUFF 2048
char m_outfile_path[256+1];
pcap_dumper_t *out_pcap;
pcap_t *handle;
u_char *outfile;
u_char *payload_new;
FILE *fpcap;
struct kt
{
u_int id;
u_char name[20];
};
void analyze_packet_qqtkt_write1(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
struct kt *kt_payload, *kt_payload_new;
struct pcap_pkthdr header_qqt;
struct timezone tz;
gettimeofday(&header_qqt.ts, &tz);
header_qqt.caplen = 78;
header_qqt.len = 78;
struct pcap_pkthdr *header_new = &header_qqt;
static int packet_num;
struct ether_header *lethernet;
struct ip *lip;
struct tcphdr *ltcp;
u_char *payload;
//u_char *payload_new;
payload_new = new u_char[78];
if (payload_new == NULL) {
printf("error in new buffer\n");
exit(-1);
}
struct kt str_kt[4] = {{1,"gz111"},{2,"gz222"},{3,"gz333"},{4,"gz444"}};
//struct kt str_kt = {1,"gz111"};
struct kt *pkt = str_kt;
packet_num ++;
if (packet_num > 4) {
return;
}
int size_ethernet = sizeof(struct ether_header);
int size_ip = sizeof(struct ip);
int size_tcp = sizeof(struct tcphdr);
int size_payload = size_ethernet + size_ip + size_tcp;
printf("passw1[%d][%d]\n", header->caplen, header->len);
/*离线数据包解码*/
lethernet = (struct ether_header *)packet;
print_ethernet(lethernet);
lip = (struct ip *)(packet+size_ethernet);
ltcp = (struct tcphdr *)(packet+size_ethernet+size_ip);
//payload = (u_char *)(packet + size_ethernet + size_ip + size_tcp);
/*重新构造新数据包,并重写应用层数据,但数据却没成功写入*/
u_char *pn = payload_new;
memcpy((void*)(payload_new), (void*)lethernet, size_ethernet);
payload_new += size_ethernet;
memcpy((void*)(payload_new), (void*)lip, size_ip);
payload_new += size_ip;
memcpy((void*)(payload_new), (void*)ltcp, size_tcp);
payload_new += size_tcp;
pkt = str_kt + packet_num - 1;
memcpy((void*)(payload_new), (void*)pkt, sizeof(kt));
pcap_dump((u_char*)out_pcap, header_new, payload_new);
int ret = pcap_dump_flush(out_pcap);
if (ret = -1) {
printf("error in pcap_dump_flush[%s] \n", pcap_geterr(handle));
}
}
int main(int argc, char* argv[])
{
char tmp[30];
int ret = 0;
printf("2012-2020 (C) Copyright YuanDian Corp. 2012. ALL RIGHTS RESERVED.\n");
if (argc < 3) {
usage(argv[0]);
}
/*int ch;
while((ch = getopt(argc, argv, "a: bcd")) = -1) {
switch(ch)
{
case 'a':
printf("option -f:%s\n", optarg);
exit(1);
case 'm':
printf("option -m:%s\n", optarg);
default:
printf("default:%c\n", ch);
usage(argv[0]);
}
}*/
char *cfeature = argv[1];
char *cmode = argv[2];
char *filename = argv[3];
printf("Process PCAP File:%s\n", filename);
char *dev,errbuf[PCAP_ERRBUF_SIZE];
struct bpf_program filter;
char filter_app[] = "port 3306";
bpf_u_int32 mask;
bpf_u_int32 net;
struct pcap_pkthdr header;
const u_char *packet;
printf("open file...\n");
handle = pcap_open_offline(filename, errbuf);
if (handle == NULL) {
printf("pcap_open_offline error[%s]\n", errbuf);
exit(-1);
}
printf("open file end...\n");
if (cfeature[0] == 'w') {
strcpy(m_outfile_path, argv[4]);
printf("Out PCAP File:%s\n", filename, m_outfile_path);
out_pcap = pcap_dump_open(handle, m_outfile_path);
if (out_pcap == NULL) {
printf("ERROR pcap_dump_open \n");
exit(-1);
}
}
if (cfeature[0] == 'r' and cmode[0] == 'n') {
pcap_loop(handle, -1, analyze_packet, NULL);
} else if (cfeature[0] == 'r' and cmode[0] == 'q') {
printf("read qqt file...\n");
pcap_loop(handle, -1, analyze_packet_qqtkt1, NULL);
printf("read qqt file end ...\n");
} else if (cfeature[0] == 'w') {
printf("write packet ...\n");
pcap_loop(handle, -1, analyze_packet_qqtkt_write1, NULL);
printf("write packet end ... \n");
}
ret = pcap_dump_flush(out_pcap);
if (ret = -1) {
printf("error in pcap_dump_flush [%s]\n" , pcap_geterr(handle));
}
pcap_close(handle);
if (cfeature[0] == 'w')
pcap_dump_close(out_pcap);
return 0;
}
使用pcap_open_offline打开输入pcap文件,然后使用pcap_dump_open创建输出pcap文件;循环读取输入文件,更改应用层的数据,再写入输出pcap文件;能成功生成的pcap输出文件,但数据却没有写入;请问是什么原因,请赐教!
#include<netinet/tcp.h>
#include<arpa/inet.h>
#include<libxml/xmlmemory.h>
#include<libxml/parser.h>
#include<string.h>
#include<time.h>
#define MAXBUFF 2048
char m_outfile_path[256+1];
pcap_dumper_t *out_pcap;
pcap_t *handle;
u_char *outfile;
u_char *payload_new;
FILE *fpcap;
struct kt
{
u_int id;
u_char name[20];
};
void analyze_packet_qqtkt_write1(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
struct kt *kt_payload, *kt_payload_new;
struct pcap_pkthdr header_qqt;
struct timezone tz;
gettimeofday(&header_qqt.ts, &tz);
header_qqt.caplen = 78;
header_qqt.len = 78;
struct pcap_pkthdr *header_new = &header_qqt;
static int packet_num;
struct ether_header *lethernet;
struct ip *lip;
struct tcphdr *ltcp;
u_char *payload;
//u_char *payload_new;
payload_new = new u_char[78];
if (payload_new == NULL) {
printf("error in new buffer\n");
exit(-1);
}
struct kt str_kt[4] = {{1,"gz111"},{2,"gz222"},{3,"gz333"},{4,"gz444"}};
//struct kt str_kt = {1,"gz111"};
struct kt *pkt = str_kt;
packet_num ++;
if (packet_num > 4) {
return;
}
int size_ethernet = sizeof(struct ether_header);
int size_ip = sizeof(struct ip);
int size_tcp = sizeof(struct tcphdr);
int size_payload = size_ethernet + size_ip + size_tcp;
printf("passw1[%d][%d]\n", header->caplen, header->len);
/*离线数据包解码*/
lethernet = (struct ether_header *)packet;
print_ethernet(lethernet);
lip = (struct ip *)(packet+size_ethernet);
ltcp = (struct tcphdr *)(packet+size_ethernet+size_ip);
//payload = (u_char *)(packet + size_ethernet + size_ip + size_tcp);
/*重新构造新数据包,并重写应用层数据,但数据却没成功写入*/
u_char *pn = payload_new;
memcpy((void*)(payload_new), (void*)lethernet, size_ethernet);
payload_new += size_ethernet;
memcpy((void*)(payload_new), (void*)lip, size_ip);
payload_new += size_ip;
memcpy((void*)(payload_new), (void*)ltcp, size_tcp);
payload_new += size_tcp;
pkt = str_kt + packet_num - 1;
memcpy((void*)(payload_new), (void*)pkt, sizeof(kt));
pcap_dump((u_char*)out_pcap, header_new, payload_new);
int ret = pcap_dump_flush(out_pcap);
if (ret = -1) {
printf("error in pcap_dump_flush[%s] \n", pcap_geterr(handle));
}
}
int main(int argc, char* argv[])
{
char tmp[30];
int ret = 0;
printf("2012-2020 (C) Copyright YuanDian Corp. 2012. ALL RIGHTS RESERVED.\n");
if (argc < 3) {
usage(argv[0]);
}
/*int ch;
while((ch = getopt(argc, argv, "a: bcd")) = -1) {
switch(ch)
{
case 'a':
printf("option -f:%s\n", optarg);
exit(1);
case 'm':
printf("option -m:%s\n", optarg);
default:
printf("default:%c\n", ch);
usage(argv[0]);
}
}*/
char *cfeature = argv[1];
char *cmode = argv[2];
char *filename = argv[3];
printf("Process PCAP File:%s\n", filename);
char *dev,errbuf[PCAP_ERRBUF_SIZE];
struct bpf_program filter;
char filter_app[] = "port 3306";
bpf_u_int32 mask;
bpf_u_int32 net;
struct pcap_pkthdr header;
const u_char *packet;
printf("open file...\n");
handle = pcap_open_offline(filename, errbuf);
if (handle == NULL) {
printf("pcap_open_offline error[%s]\n", errbuf);
exit(-1);
}
printf("open file end...\n");
if (cfeature[0] == 'w') {
strcpy(m_outfile_path, argv[4]);
printf("Out PCAP File:%s\n", filename, m_outfile_path);
out_pcap = pcap_dump_open(handle, m_outfile_path);
if (out_pcap == NULL) {
printf("ERROR pcap_dump_open \n");
exit(-1);
}
}
if (cfeature[0] == 'r' and cmode[0] == 'n') {
pcap_loop(handle, -1, analyze_packet, NULL);
} else if (cfeature[0] == 'r' and cmode[0] == 'q') {
printf("read qqt file...\n");
pcap_loop(handle, -1, analyze_packet_qqtkt1, NULL);
printf("read qqt file end ...\n");
} else if (cfeature[0] == 'w') {
printf("write packet ...\n");
pcap_loop(handle, -1, analyze_packet_qqtkt_write1, NULL);
printf("write packet end ... \n");
}
ret = pcap_dump_flush(out_pcap);
if (ret = -1) {
printf("error in pcap_dump_flush [%s]\n" , pcap_geterr(handle));
}
pcap_close(handle);
if (cfeature[0] == 'w')
pcap_dump_close(out_pcap);
return 0;
}
...全文
请发表友善的回复…
发表回复
xinyu0720 2012-11-21
- 打赏
- 举报
pcap_dump_open和pcap_open_offline不能用一个handle,应该用pcap_open_dead新建一个。例如:
new_handle = pcap_open_dead(DLT_EN10MB, 65535);
dump = pcap_dump_open(new_handle , new_filename);
dean.su 2012-02-02
- 打赏
- 举报
难道研究libpcap方面的人比较少!!
dean.su 2012-01-31
- 打赏
- 举报
谢谢!![Quote=引用 3 楼 liulcsy 的回复:]
帮你顶,让别人都看到
[/Quote]
帮你顶,让别人都看到
[/Quote]
RLib 2012-01-30
- 打赏
- 举报
pcap_dump有无返回值的
科比布莱恩特 2012-01-30
- 打赏
- 举报
帮你顶,让别人都看到
dean.su 2012-01-30
- 打赏
- 举报
返回VOID;
void pcap_dump(u_char *user, struct pcap_pkthdr *h,
u_char *sp);
void pcap_dump(u_char *user, struct pcap_pkthdr *h,
u_char *sp);
