PF_RING + libpcap
最近在弄libpcpap抓包的问题,头都大了!/proc/net/pf_ring中的一个文件显示抓了3000多包,丢失为0
可是我跑的程序用的libpcap,结果只有几百个包,丢了很多包,请问这有哪些方面的原因?
还望高手指点! filter 设置的问题有可能! 回复 2# crazyhadoop
filter?过滤? 我没用啊 抓所有的包的 PF_RING 怎么能添加自己的过滤规则,指定一个IP,然后把它的数据包过滤掉,同时不影响其它数据包的抓取!求技术交流,15304559421@189.cn或者854631835@qq.com struct bpf_insnsinsns[] = {
BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_IP, 0, ,
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 26),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x8003700f, 0, 2),
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 30),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x80037023, 3, 4),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x80037023, 0, 3),
BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 30),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x8003700f, 0, 1),
BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
BPF_STMT(BPF_RET+BPF_K, 0),
};
filter.bf_insns=insns;
filter.bf_len=sizeof(filter)/sizeof(insns);
添加完这个结构体数组之后
pfcount.c: In function 'dummyProcesssPacket':
pfcount.c:316: error: array type has incomplete element type
pfcount.c:316: warning: unused variable 'insns'
页:
[1]