缓存从pcap捕获的数据包 [英] Caching packets captured from pcap

问题描述

这是对此的后续问题: 重建要通过pcap注入的数据包

This is a follow-up question to this: Rebuilding a packet to inject via pcap

我想完成的事情:

1. functionA:使用pcap捕获数据包.修改源/目标地址.重新计算校验和.用pcap注入.

1. functionA: Capture packets with pcap. Modify source/destination addresses. Recalculate checksums. Inject with pcap.

功能B:创建两个线程.线程1发送一个魔术包来唤醒睡眠中的客户端.线程2使用pcap捕获数据包，并将数据包缓存到u_char *的数组中，因为pcap将数据包数据串行放入"u_char * packet"中.当两个线程都终止时，我然后更改标头，然后注入每个缓存的数据包.

functionB: Create two threads. Thread 1 sends a magic packet to wake sleeping client. Thread 2 captures packets with pcap and caches the packets into an array of u_char *'s, since pcap puts the packet data serially into "u_char * packet". When both threads terminate, I then change the headers then inject each of the cached packets.

我需要帮助的地方

1. 功能A:除了计算校验和外，我可以做所有事情.我试图通过使用函数自己计算校验和来验证原始校验和，但它们始终不匹配.但是，这个问题并不重要，因为我不需要它来演示我的最终项目.我知道，如果IP校验和不正确，接收方计算机将丢弃该数据包.但是，当我进行演示时，只要可以证明我的客户端计算机已收到此错误的数据包，就可以证明我的总体概念并且不会失败. :)

1. functionA: I can do everything but calculate checksums. I tried to verify the original checksum by calculating it myself with a function but they never match. However, this issue is not as important because I don't need it to demo my final project. I understand that if IP checksums are incorrect, the receiving computer will discard the packet. But when I demo, so long as my client computer can be shown to have received this incorrect packet, I have proven my overall concept and will not fail. :)

functionB:我想这是更重要的问题.我不知道一种简单的方法来缓存捕获的数据包.我现在正在做的事情如下:

functionB: I guess this is the more important problem. I don't know of an easy way to cache my captured packets. What I'm working on right now is as follows:

functionB创建一个指向存储u_char *的数组的指针，称为cachedPackets.因此，cachedPackets基本上指向存储字符串"的数组.

functionB creates a pointer to an array that stores u_char * called cachedPackets. So cachedPackets basically points to an array that stores "strings".

会是这样吗? u_char ** cachedPackets[100]，足够用于100个数据包的数组元素.

It'll be something like this? u_char ** cachedPackets[100], enough array elements for 100 packets.

此后，我启动了两个线程. Thread1唤醒我正在睡眠的客户端. Thread2打开另一个pcap会话，因此在客户端唤醒时不会丢失任何数据. Thread1很简单，我已经独立测试了发送魔术包功能. Thread2是我搞砸的地方.

After this, I start two threads. Thread1 to wake my sleeping client. Thread2 to open another pcap session so no data is lost while client is waking. Thread1 is easy, I've already tested my send magic packet function independently. Thread2 is where I'm screwing up.

Thread2最终调用int pcap_loop(pcap_t *p, int cut, pcap_handler callback, u_char *user).

Thread2 eventually calls int pcap_loop(pcap_t *p, int cut, pcap_handler callback, u_char *user).

回调是捕获每个数据包后将运行的功能.这是我将数据包缓存到阵列中的地方.

callback is the function that will be run after each packet is captured. It is where I will be caching the packet into the array.

回调采用参数( u_char* user, const struct pcap_pkthdr* packet_header, const u_char* packet_data )

callback takes parameters ( u_char* user, const struct pcap_pkthdr* packet_header, const u_char* packet_data )

user是pcap_loop的第4个参数中的相同字符串.

user is the same string in the 4th argument of pcap_loop.

所以我在想，我可以通过类型转换将其回调函数偷偷地提供给字符串数组的指针.

So I was thinking, I could sneakily give my callback function the pointer to the array of string by type casting it.

pcap_loop(asdf, asdf, callback, (u_char *)cachedPackets);

由于我不知道传入数据包的大小，因此我将在回调函数中动态分配足够的空间.我还将使用静态int跟踪我在数组中的位置.

Since I don't know how big the incoming packets will be, I'll dynamically allocate enough space in the callback function. I will also keep track of my position in the array with a static int.

这是回调的样子:

void cacheCall(u_char * user, const struct pcap_pkthdr * header, const u_char * packet)

    static int cacheindex = 0;

    u_char ** cachethis = (u_char **)user; 

    //u_char * cachething = *cachethis;
    (*cachethis)[cacheindex] = (u_char *) malloc(header->len); <--- 497


    int i = 0;

    for(i = 0; i < header->len; i++)
    {
        (*cachethis)[cacheindex][i] = packet[i]; <-------------------503
    }

    //memcpy(cachething[cacheindex], packet, header->len);
    cacheindex++;

但是当我编译时，我得到了

but when I compile, i get

497: warning: assignment makes integer from pointer without a cast
503: error: subscripted value is neither array nor pointer

这是一个漫长的过程，希望我对自己正在做的事情的了解不会完全误导.任何帮助都是极好的！ :)

That was pretty longwinded, hopefully my knowledge of what I'm doing isn't completely misinformed. Any help would be awesome! :)

推荐答案

u_char ** cachethis;

cachethis是指向u_char的指针.

cachethis is a pointer-to-pointer-to-u_char.

所以:

*cachethis

是指向u_char的指针，并且:

is a pointer-to-u_char, and:

(*cachethis)[i]

是普通的u_char.

因此，第497行尝试将指针存储到u_char中，而第503行尝试为下标u_char下标，两者均无效.

So line 497 tries to store a pointer into an u_char, and line 503 tries to subscript a u_char, both of which are invalid.

看起来像您想要的只是:

Looks like what you want is simply:

cachethis[i]

和

cachethis[i][j]

这篇关于缓存从pcap捕获的数据包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！