Building.Open.Source.Network.Security.Tools.Components.And.Techniques [Electronic resources] - Text version

Mike D. Schiffman


Native Datatypes

Libpcap provides a few native datatypes that the application programmer needs to recognize.



pcap_t


pcap_t is a typedef from the pcap structure, libpcap's native handler datatype. pcap_t is the main monolithic structure containing all of the details that make up a pcap descriptor, which in turn references a libpcap session. One of the pcap_open_*() functions initializes this datatype for the user. Every major function within libpcap either modifies or reads from a pcap_t pcap descriptor. While it is vital to understand the pcap_t datatype, it is a fully opaque structure (the application programmer should never have to look inside it).



pcap_addr_t


pcap_addr_t is a typedef from the pcap_addr structure. This datatype holds address information inside pcap_if_t. The following elements of pcap_addr_t are useful to the application programmer.



struct pcap_addr *next;


next is the next element in the list.



struct sockaddr *addr;


addr contains the network address of the interface.



struct sockaddr *netmask;


netmask contains the netmask for the address.



struct sockaddr *broadaddr;


broadaddr contains the broadcast for the address.



struct sockaddr *dstaddr;


dstaddr contains the point-to-point destination for the address.



pcap_if_t


pcap_if_t is a typedef from the pcap_if structure. This datatype holds information about interfaces that are available to libpcap, usually filled in by pcap_findalldevs(). The following elements of pcap_if_t are useful to the application programmer.



struct pcap_if *next;


next is the next element in the list.



char *name;


name is the canonical name of the interface, which is useful to pass to pcap_open_live().



char *description;


description is an optional description of the device.



struct pcap_addr *addresses;


addresses contains a linked list of address information (described earlier).



struct pcap_stat {


pcap_stat is where libpcap stores its statistical information about each session. Depending on the underlying packet capturing interface and whether or not a libpcap filter has been installed, the meaning of each of the following structure members changes.



u_int ps_recv;


ps_recv counts the number of received packets, and you should interpret it as per Table 2.1.

Table 2.1: pcap_stat.ps_recv Semantics

INTERFACE   MEANING
BPF         packets handed to the filter
DLPI        packets handed to the filter
Linux       packets that passed the filter
NIT         packets handed to the filter
PF          packets that passed the filter
SNIT        packets handed to the filter
Snoop       packets that passed the filter


u_int ps_drop;


ps_drop counts the number of dropped packets, and you should interpret it as per Table 2.2.

Table 2.2: pcap_stat.ps_drop Semantics

INTERFACE     MEANING
BPF           packets handed to the filter but dropped due to insufficient buffer space
DLPI          packets dropped due to resource limitations regardless of the filter
Linux 2.2.x   not implemented
Linux 2.4.x   packets dropped due to resource exhaustion or flow control regardless of the filter
NIT           packets dropped due to resource exhaustion or flow control regardless of the filter
PF            packets dropped due to a full input queue regardless of the filter
SNIT          packets dropped due to resource exhaustion or flow control regardless of the filter
Snoop         packets dropped due to hardware problems or resource limits regardless of the filter


u_int ps_ifdrop;


ps_ifdrop is only implemented on systems supporting the pf interface (Ultrix and Digital Unix). On these systems, it records the number of packets that the network interface actually drops.



};
struct pcap_pkthdr {


pcap_pkthdr is the structure overlay that is prepended to every packet that libpcap returns to the pcap_handler function.



struct timeval ts;


ts records the time in seconds and microseconds that the packet arrived on the interface.



bpf_u_int32 caplen;


caplen records the length of the packet actually captured by libpcap. This value is often constrained by the snapshot length (snaplen) passed to pcap_open_live(), so it can be smaller than len.



bpf_u_int32 len;


len records the length of the packet as it appeared directly from the wire.



};
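The distinction between caplen and len matters when a pcap_handler parses headers: a packet cut short by snaplen still reports its full wire length in len, so every access must be bounded by caplen. The following added example (not code from the book) shows a bounded IPv4 parse over a constructed frame and a simple drop-rate check built from the pcap_stat counters. It assumes a local mirror of struct pcap_pkthdr with the layout described above so that it builds without libpcap; a real program would include <pcap.h> instead, and FRAME, demo_proto and drop_permille are constructed for this example.

```c
#include <stdint.h>
#include <sys/time.h>

typedef uint32_t bpf_u_int32;

/* Assumed mirror of pcap_pkthdr as described above, so this builds without
 * libpcap; a real program includes <pcap.h> instead. */
struct pcap_pkthdr {
    struct timeval ts;   /* arrival time */
    bpf_u_int32 caplen;  /* bytes actually captured (bounded by snaplen) */
    bpf_u_int32 len;     /* bytes on the wire; may exceed caplen */
};

/* Constructed sample: Ethernet header + minimal IPv4 header, protocol 6. */
static const unsigned char FRAME[34] = {
    0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00,  /* dst MAC, src MAC, EtherType IPv4 */
    0x45,0,0,20, 0,0,0,0, 64,6,0,0,         /* ver/ihl .. ttl=64, proto=6, csum */
    10,0,0,1, 10,0,0,2                      /* src IP, dst IP */
};

/* Read the IPv4 protocol number from a captured frame.  Every index is
 * bounded by caplen, not len: len describes the wire, caplen describes the
 * bytes the handler actually holds.  Returns -1 if truncated or not IPv4. */
int ipv4_proto_from_frame(const struct pcap_pkthdr *h, const unsigned char *pkt)
{
    const bpf_u_int32 eth_len = 14, ip_min = 20;
    if (h->caplen < eth_len + ip_min)
        return -1;                         /* snaplen cut the headers short */
    if (pkt[12] != 0x08 || pkt[13] != 0x00)
        return -1;                         /* not EtherType 0x0800 */
    const unsigned char *ip = pkt + eth_len;
    if ((ip[0] >> 4) != 4)
        return -1;                         /* version nibble must be 4 */
    return ip[9];                          /* protocol field */
}

/* Parse the constructed frame as if captured with the given snaplen. */
int demo_proto(bpf_u_int32 caplen)
{
    struct pcap_pkthdr h = { {0, 0}, caplen, sizeof FRAME };
    return ipv4_proto_from_frame(&h, FRAME);
}

/* Kernel drop rate in per mille from the pcap_stat counters; their exact
 * meaning varies by platform (Tables 2.1 and 2.2) but the ratio is still a
 * useful health signal for a capture sensor. */
int drop_permille(unsigned int ps_recv, unsigned int ps_drop)
{
    return ps_recv ? (int)(((unsigned long long)ps_drop * 1000ULL) / ps_recv) : 0;
}
```

With the full 34-byte capture the parser returns protocol 6; with a snaplen of 20 it returns -1 instead of reading past the captured bytes.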

