lo接口的PfRingDevice
PfRingDevice for lo interface
我正在使用 PF_RING 和 PCAP++ 来捕获和分析网络流量。
有时使用 lo
接口(环回)很有用:用于测试和回归分析。
顺便说一句,环回接口平时没有流量,只有在你自己运行命令产生流量时才会有数据包。
PF_RING 可能会给我环回流量。
#include <dnet.h>
#include <string>
#include <cstdint>
#include <pfring.h>
#include <pcapplusplus/Packet.h>
#include <pcapplusplus/IPv4Layer.h>
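/// Captures ten IPv4 packets from a PF_RING socket and prints "src --> dst" for each.
///
/// @param argc  Number of command-line arguments.
/// @param argv  argv[1], when present, replaces the default interface name "lo".
/// @return 0 once ten IPv4 packets were printed; 1 if the ring could not be
///         opened or enabled, or if receiving failed.
int main(int argc, char** argv) {
    std::string iface_name = "lo";
    if (argc > 1)
        iface_name = argv[1];

    // NOTE(review): PF_RING_DO_NOT_TIMESTAMP is requested here, yet pfring_hdr.ts is
    // passed on below — the timestamp handed to RawPacket may therefore be zero; confirm
    // whether that is acceptable before relying on it.
    const uint32_t flags = PF_RING_PROMISC |
                           PF_RING_DO_NOT_PARSE |
                           PF_RING_DO_NOT_TIMESTAMP;

    // pfring_open() returns NULL on failure (unknown interface, kernel module not
    // loaded, insufficient privileges). Every later call dereferences the handle,
    // so stop here instead of passing a null ring on.
    pfring *ring = pfring_open(iface_name.c_str(), MAX_CAPLEN, flags);
    if (ring == nullptr) {
        fprintf(stderr, "pfring_open failed for interface %s\n", iface_name.c_str());
        return 1;
    }

    pfring_set_application_name(ring, "traffic_capture");
    // Receive-only: this tool observes traffic and never injects any.
    pfring_set_direction(ring, rx_only_direction);
    pfring_set_socket_mode(ring, recv_only_mode);

    if (pfring_enable_ring(ring) != 0) {
        fprintf(stderr, "pfring_enable_ring failed for interface %s\n", iface_name.c_str());
        pfring_close(ring);
        return 1;
    }

    int exit_code = 0;
    int i = 0;  // counts IPv4 packets only; other packets are skipped silently
    while (i < 10) {
        u_char *packet = nullptr;
        struct pfring_pkthdr pfring_hdr{};

        // buffer_len == 0: PF_RING hands back a pointer into its own buffer rather
        // than copying; wait_for_incoming_packet == 1 blocks until a packet arrives.
        const int res = pfring_recv(ring, &packet, 0, &pfring_hdr, 1);
        if (res < 0) {
            // Without this branch a persistent receive error would spin forever.
            fprintf(stderr, "pfring_recv failed with code %d\n", res);
            exit_code = 1;
            break;
        }
        if (res == 0)
            continue;

        // deleteRawDataAtDestructor = false: the bytes belong to PF_RING, not to us.
        const timeval timestamp = pfring_hdr.ts;
        pcpp::RawPacket raw_packet(packet, pfring_hdr.caplen, timestamp, false);

        // parse the raw packet into a parsed packet
        pcpp::Packet parsed_packet(&raw_packet);
        auto *ipLayer = parsed_packet.getLayerOfType<pcpp::IPv4Layer>();
        if (ipLayer == nullptr)
            continue;

        // presumably toInt() yields the address in network byte order, which is
        // what inet_ntop expects — verify against the PcapPlusPlus version in use.
        const uint32_t src_ip = ipLayer->getSrcIpAddress().toInt();
        const uint32_t dst_ip = ipLayer->getDstIpAddress().toInt();

        char buf_src[INET_ADDRSTRLEN];
        char buf_dst[INET_ADDRSTRLEN];
        const char *src_text = inet_ntop(AF_INET, &src_ip, buf_src, INET_ADDRSTRLEN);
        const char *dst_text = inet_ntop(AF_INET, &dst_ip, buf_dst, INET_ADDRSTRLEN);
        // inet_ntop returns NULL on failure; "%s" with a null pointer is undefined.
        if (src_text != nullptr && dst_text != nullptr)
            printf("%s --> %s\n", src_text, dst_text);
        i++;
    }

    pfring_close(ring);
    printf("DONE: processed %d packets\n", i);
    return exit_code;
}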
要开始捕获,请运行命令:ping -I lo 127.0.0.3
或tcpreplay -i lo dump.pcap
如何通过 PCAP++ 选择 lo 接口,
并让它与 PF_RING 一起工作?
如何设置 PF_RING 的参数,例如打开标志、方向和 socket_mode?
#include <iostream>
#include <string>
#include <pcapplusplus/PfRingDevice.h>
#include <pcapplusplus/PfRingDeviceList.h>
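/// Prints every interface PcapPlusPlus exposes through PF_RING, then looks one up by name.
///
/// @param argc  Number of command-line arguments.
/// @param argv  argv[1], when present, replaces the default interface name "lo".
/// @return 0 if the named interface is in the PF_RING device list, 1 otherwise.
int main(int argc, char** argv) {
    // Interface to look up; "lo" unless the caller names another one.
    std::string defaultInterface = "lo";
    if (argc > 1)
        defaultInterface = argv[1];

    // PcapPlusPlus types live in namespace pcpp, and the listing has no
    // using-directive, so the names are qualified here.
    // Bind by reference: there is no need to copy the device vector just to print it.
    const auto& devices = pcpp::PfRingDeviceList::getInstance().getPfRingDevicesList();
    for (auto* dev : devices)
        std::cout << dev->getDeviceName() << '\n';

    // A null result means the list does not contain an interface with that name.
    pcpp::PfRingDevice* device =
        pcpp::PfRingDeviceList::getInstance().getPfRingDeviceByName(defaultInterface);
    if (device == nullptr) {
        std::cout << "Couldn't locate default Network Driver \n";
        return 1;
    }
    return 0;
}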
此代码仅打印 ens... 或 eth...
而且不能选择lo
.
屏幕截图如下。
第一个程序的输出:
第二个程序的输出:
好像PF_RING不支持lo
,请看这个GitHub问题:https://github.com/ntop/PF_RING/issues/221
我也测试过,lo
不被 PF_RING 识别。
但是,正如该问题中所建议的,您可以创建一个 PF_RING 能够识别的虚拟(dummy)接口(以下命令需要 root 权限):
# ip link add dummy0 type dummy
# ip link set dev dummy0 up
更新:
问题已在提交 309e27a13b2c794103160a4652222dfb8d45b1b6 中解决。现在可以在 PfRingDevice
中查看和捕获来自 lo
的数据包
我正在使用 PF_RING 和 PCAP++ 来捕获和分析网络流量。
有时使用 lo
接口(环回)很有用:用于测试和回归分析。
顺便说一句,环回接口平时没有流量,只有在你自己运行命令产生流量时才会有数据包。
PF_RING 可能会给我环回流量。
#include <dnet.h>
#include <string>
#include <cstdint>
#include <pfring.h>
#include <pcapplusplus/Packet.h>
#include <pcapplusplus/IPv4Layer.h>
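/// Captures ten IPv4 packets from a PF_RING socket and prints "src --> dst" for each.
///
/// @param argc  Number of command-line arguments.
/// @param argv  argv[1], when present, replaces the default interface name "lo".
/// @return 0 once ten IPv4 packets were printed; 1 if the ring could not be
///         opened or enabled, or if receiving failed.
int main(int argc, char** argv) {
    std::string iface_name = "lo";
    if (argc > 1)
        iface_name = argv[1];

    // NOTE(review): PF_RING_DO_NOT_TIMESTAMP is requested here, yet pfring_hdr.ts is
    // passed on below — the timestamp handed to RawPacket may therefore be zero; confirm
    // whether that is acceptable before relying on it.
    const uint32_t flags = PF_RING_PROMISC |
                           PF_RING_DO_NOT_PARSE |
                           PF_RING_DO_NOT_TIMESTAMP;

    // pfring_open() returns NULL on failure (unknown interface, kernel module not
    // loaded, insufficient privileges). Every later call dereferences the handle,
    // so stop here instead of passing a null ring on.
    pfring *ring = pfring_open(iface_name.c_str(), MAX_CAPLEN, flags);
    if (ring == nullptr) {
        fprintf(stderr, "pfring_open failed for interface %s\n", iface_name.c_str());
        return 1;
    }

    pfring_set_application_name(ring, "traffic_capture");
    // Receive-only: this tool observes traffic and never injects any.
    pfring_set_direction(ring, rx_only_direction);
    pfring_set_socket_mode(ring, recv_only_mode);

    if (pfring_enable_ring(ring) != 0) {
        fprintf(stderr, "pfring_enable_ring failed for interface %s\n", iface_name.c_str());
        pfring_close(ring);
        return 1;
    }

    int exit_code = 0;
    int i = 0;  // counts IPv4 packets only; other packets are skipped silently
    while (i < 10) {
        u_char *packet = nullptr;
        struct pfring_pkthdr pfring_hdr{};

        // buffer_len == 0: PF_RING hands back a pointer into its own buffer rather
        // than copying; wait_for_incoming_packet == 1 blocks until a packet arrives.
        const int res = pfring_recv(ring, &packet, 0, &pfring_hdr, 1);
        if (res < 0) {
            // Without this branch a persistent receive error would spin forever.
            fprintf(stderr, "pfring_recv failed with code %d\n", res);
            exit_code = 1;
            break;
        }
        if (res == 0)
            continue;

        // deleteRawDataAtDestructor = false: the bytes belong to PF_RING, not to us.
        const timeval timestamp = pfring_hdr.ts;
        pcpp::RawPacket raw_packet(packet, pfring_hdr.caplen, timestamp, false);

        // parse the raw packet into a parsed packet
        pcpp::Packet parsed_packet(&raw_packet);
        auto *ipLayer = parsed_packet.getLayerOfType<pcpp::IPv4Layer>();
        if (ipLayer == nullptr)
            continue;

        // presumably toInt() yields the address in network byte order, which is
        // what inet_ntop expects — verify against the PcapPlusPlus version in use.
        const uint32_t src_ip = ipLayer->getSrcIpAddress().toInt();
        const uint32_t dst_ip = ipLayer->getDstIpAddress().toInt();

        char buf_src[INET_ADDRSTRLEN];
        char buf_dst[INET_ADDRSTRLEN];
        const char *src_text = inet_ntop(AF_INET, &src_ip, buf_src, INET_ADDRSTRLEN);
        const char *dst_text = inet_ntop(AF_INET, &dst_ip, buf_dst, INET_ADDRSTRLEN);
        // inet_ntop returns NULL on failure; "%s" with a null pointer is undefined.
        if (src_text != nullptr && dst_text != nullptr)
            printf("%s --> %s\n", src_text, dst_text);
        i++;
    }

    pfring_close(ring);
    printf("DONE: processed %d packets\n", i);
    return exit_code;
}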
要开始捕获,请运行命令:ping -I lo 127.0.0.3
或tcpreplay -i lo dump.pcap
如何通过 PCAP++ 选择 lo 接口,
并让它与 PF_RING 一起工作?
如何设置 PF_RING 的参数,例如打开标志、方向和 socket_mode?
#include <iostream>
#include <string>
#include <pcapplusplus/PfRingDevice.h>
#include <pcapplusplus/PfRingDeviceList.h>
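/// Prints every interface PcapPlusPlus exposes through PF_RING, then looks one up by name.
///
/// @param argc  Number of command-line arguments.
/// @param argv  argv[1], when present, replaces the default interface name "lo".
/// @return 0 if the named interface is in the PF_RING device list, 1 otherwise.
int main(int argc, char** argv) {
    // Interface to look up; "lo" unless the caller names another one.
    std::string defaultInterface = "lo";
    if (argc > 1)
        defaultInterface = argv[1];

    // PcapPlusPlus types live in namespace pcpp, and the listing has no
    // using-directive, so the names are qualified here.
    // Bind by reference: there is no need to copy the device vector just to print it.
    const auto& devices = pcpp::PfRingDeviceList::getInstance().getPfRingDevicesList();
    for (auto* dev : devices)
        std::cout << dev->getDeviceName() << '\n';

    // A null result means the list does not contain an interface with that name.
    pcpp::PfRingDevice* device =
        pcpp::PfRingDeviceList::getInstance().getPfRingDeviceByName(defaultInterface);
    if (device == nullptr) {
        std::cout << "Couldn't locate default Network Driver \n";
        return 1;
    }
    return 0;
}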
此代码仅打印 ens... 或 eth...
而且不能选择lo
.
屏幕截图如下。
第一个程序的输出:
好像PF_RING不支持lo
,请看这个GitHub问题:https://github.com/ntop/PF_RING/issues/221
我也测试过,lo
不被 PF_RING 识别。
但是,正如该问题中所建议的,您可以创建一个 PF_RING 能够识别的虚拟(dummy)接口(以下命令需要 root 权限):
# ip link add dummy0 type dummy
# ip link set dev dummy0 up
更新:
问题已在提交 309e27a13b2c794103160a4652222dfb8d45b1b6 中解决。现在可以在 PfRingDevice
中查看和捕获来自 lo
的数据包