LibPCap pcap_loop() 不 return 任何数据包

LibPCap pcap_loop() does not return any packets

我的 C 程序有问题,在我开始捕获数据包之前一切正常。它应该记录,但 pcap_loop() 中的处理程序 void 不是。此外,当第 98 行的 fgets 中的输入被传递到 pcap create void 时,我还有另一个问题,它将无法通过名称找到接口。当我对字符串进行硬编码时它起作用了。

/* 
    Compile and run it using GCC ->
    gcc main.c -o output -L/usr/include -lpcap && ./output
*/
#include <stdio.h>
#include <pcap.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

#define __NEWLINE__ "\r\r\n"
#define __SEPARATOR__ "------------------------"

/*
    Print all flags in human readable string 
    instead of hexadecimal number
*/
char* get_interface_flags(bpf_u_int32* decimal_flags) {
    char* flag_string = (char*)malloc(sizeof(char) * 30);
    strcpy(flag_string, "[=12=]");

    const int flag_names[9] = {
        PCAP_IF_LOOPBACK, 
        PCAP_IF_UP, 
        PCAP_IF_RUNNING, 
        PCAP_IF_WIRELESS
    };

    const char* flag_values[9] = {
        "LOOPBACK",
        "UP",
        "RUNNING",
        "WIRELESS"
    };

    for (size_t i = 0; i < (sizeof(flag_names) / sizeof(flag_names[0])); i++)
    {
        if(flag_names[i] & *decimal_flags) {
            if(strlen(flag_string) != 0) strcat(flag_string, ", ");
            strcat(flag_string, flag_values[i]);
        }
    }
    
    return flag_string;
}

/*
    Print available information about network interface
    This recursive function can be called again
    if there is more than one interface present
*/
void print_interface(pcap_if_t* device) {
    // Device parameters
    bpf_u_int32* flags = &device->flags;
    char* device_name = device->name;
    char* device_desc = device->description;
    char* flags_string = get_interface_flags(flags);

    // Device addresses  
    pcap_addr_t* addr = device->addresses;

    // We'll print devices with only 1 flag or more to avoid interfaces that aren't up
    if(strlen(flags_string) != 0) {
        fprintf(stdout, "%s: FLAGS(%lu)<%s>%s", device_name, strlen(flags_string), flags_string, __NEWLINE__);    
        fprintf(stdout, "%s%s", device_desc, __NEWLINE__);
        fprintf(stdout, "%s%s", __SEPARATOR__, __NEWLINE__);
    }

    // Check if there is another device to print, if so call the recursive function again
    if(device[0].next != NULL) print_interface(device->next);
    
    free(flags_string);
}

// Let user select the network interface that will capture packets
char* get_selected_interface() {
    char* selected_interface = (char*)malloc(sizeof(char) * 20);
    char* device_name;
    char* ip_addr;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_if_t* alldevs;

    // Get all available network interfaces, returns PCAP_ERROR on failure or 0 on success
    int devices_succefully_returned = pcap_findalldevs(&alldevs, errbuf);

    // If there was an error while fetching interfaces, return empty char
    if(devices_succefully_returned == PCAP_ERROR) {
        printf("%s", errbuf);
        return '[=12=]';
    }

    print_interface(alldevs);

    fprintf(stdout, "Name of the network interface to use: ");
    fgets(selected_interface, 20, stdin);

    return selected_interface;
}

void captured_packet(u_char *args, const struct pcap_pkthdr *hdr, const u_char *pkt) {
    fprintf(stdout, "log");
}

void capture(char* device) {
    char* errbuf[PCAP_ERRBUF_SIZE];

    /*
        Will create a packet capture handle
        Returns NULL if handle can't be created, in this case
        we'll print out the error buffer and exit the program with 1 status code
    */
    pcap_t* created = pcap_create("eth0", *errbuf);

    if(created == NULL) {
        fprintf(stderr, "%s%s", *errbuf, __NEWLINE__);
        return exit(EXIT_FAILURE);
    };

    int activation_status = pcap_activate(created);

    if(activation_status == PCAP_ERROR || activation_status != 0) {
        fprintf(stderr, "%s", pcap_geterr(created));
        exit(EXIT_FAILURE);
    }

    /*
        Interface was activated so start capturing incoming packets
        capture_packet will handle incoming packets.
        We'll capture infinite amount of packets unless user provides a count
    */
    fprintf(stdout, "Interface activated!%s", __NEWLINE__);

    int loop_status = pcap_loop(created, -1, captured_packet, NULL);

    switch (loop_status) 
    {
        case PCAP_ERROR_BREAK:
            fprintf(stderr, "Loop was finished beacause of breakloop that was called.");
            break;
    
        case PCAP_ERROR_NOT_ACTIVATED:
            fprintf(stderr, "Device wasn't activated before it started capturing.");
            break;

        case 0:
            fprintf(stderr, "Loop was terminated due to exhaustion of count");
            break;

        default:
            fprintf(stderr, "Some error happened while trying to loop through packets -> %s", pcap_geterr(created));
            break;
    }

    // Program was successfully closed, exit..
    pcap_close(created);
    exit(0);
}

int main(int argc, char **argv) {
    if(getuid() != 0) {
        fprintf(stderr, "Please make sure to run this tool as root!%s", __NEWLINE__);
        return 1;
    }

    char* selected = get_selected_interface();
    capture(selected);
    free(selected);
    return 0;
}

我尝试了所有方法,它应该在“eth0”接口上记录无限数量的数据包,但没有任何反应。

I have problem with my C program, everything is fine until I start capturing packets. It should log, but the handler void in pcap_loop() isn't.

引用 pcap(3PCAP) 手册页:

   packet buffer timeout
          If, when capturing,  packets  are  delivered  as  soon  as  they
          arrive,  the  application capturing the packets will be woken up
          for each packet as it arrives, and might have  to  make  one  or
          more calls to the operating system to fetch each packet.
    
          If,  instead,  packets are not delivered as soon as they arrive,
          but are delivered after a short delay (called a  "packet  buffer
          timeout"),  more  than  one packet can be accumulated before the
          packets are delivered, so that a single wakeup would be done for
          multiple  packets,  and  each set of calls made to the operating
          system would supply  multiple  packets,  rather  than  a  single
          packet.  This reduces the per-packet CPU overhead if packets are
          arriving at a high rate, increasing the number  of  packets  per
          second that can be captured.
    
          The  packet  buffer  timeout  is required so that an application
          won't wait for the operating system's capture buffer to fill  up
          before  packets  are  delivered; if packets are arriving slowly,
          that wait could take an arbitrarily long period of time.
    
          Not all platforms support a packet buffer timeout; on  platforms
          that  don't, the packet buffer timeout is ignored.  A zero value
          for the timeout, on platforms that support a packet buffer time-
          out,  will  cause a read to wait forever to allow enough packets
          to arrive, with no timeout.  A negative value  is  invalid;  the
          result  of  setting  the  timeout  to a negative value is unpre-
          dictable.
    
          NOTE: the packet buffer timeout cannot be used  to  cause  calls
          that  read  packets  to  return within a limited period of time,
          because, on some platforms, the packet buffer timeout isn't sup-
          ported,  and,  on other platforms, the timer doesn't start until
          at least one packet arrives.  This means that the packet  buffer
          timeout  should  NOT  be  used,  for  example, in an interactive
          application to allow the packet capture  loop  to  ``poll''  for
          user  input  periodically,  as  there's no guarantee that a call
          reading packets will return after the timeout expires even if no
          packets have arrived.
    
          The packet buffer timeout is set with pcap_set_timeout().

和 pcap_set_timeout(3PCAP) 手册页:

   pcap_set_timeout() sets the packet buffer timeout that will be used  on
   a  capture  handle  when  the handle is activated to to_ms, which is in
   units of milliseconds.  (See pcap(3PCAP)  for  an  explanation  of  the
   packet buffer timeout.)

   The  behavior,  if the timeout isn't specified, is undefined, as is the
   behavior if the timeout is set to zero or to a negative value.  We rec-
   ommend  always setting the timeout to a non-zero value unless immediate
   mode is set, in which case the timeout has no effect.

你还没有打电话pcap_set_timeout();在某些平台上,这可能会导致 pcap_loop() 等待直到它获得一个充满数据包的整个缓冲区,这可能会花费大量时间。

将超时设置为 100,即 100 毫秒或十分之一秒。

Also I have another problem with the input in fgets on line 98 when it gets passed into the pcap create void it will not find the interface by the name. When I hardcode the string it works.

引用 fgets(3) 手册页(这是在 macOS 上,您可能正在使用 Linux,给定“eth0”名称,但我引用的所有内容手册页适用于 macOS、Linux 和其他 UN*Xes):

     The fgets() function reads at most one less than the number of characters
     specified by size from the given stream and stores them in the string
     str.  Reading stops when a newline character is found, at end-of-file or
     error.  The newline, if any, is retained.  If any characters are read and
     there is no error, a `[=12=]' character is appended to end the string.

此处的重要部分是“保留换行符(如果有)”。 - 这意味着,如果用户键入“eth0”然后按下 Return 键,读入的字符串将是“eth0\n”,带有换行符[=30] =].接口的名称是“eth0”,而不是“eth0\n”;在使用它之前,您必须从字符串中删除任何尾随的换行符。