庖丁解牛—winpcap源码彻底解密系列续集(9)

本文主要是介绍庖丁解牛—winpcap源码彻底解密系列续集(9)，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

设置用户缓冲区：pcap_setuserbuffer源码如下：

     int

pcap_setuserbuffer(pcap_t *p, int size)

 

{

     unsigned char *new_buff;

 

     if (!p->adapter) {

         sprintf(p->errbuf,"Impossible to set user buffer while reading from a file or on a TurboCap port");

         return -1;

     }

 

     if (size<=0) {

         /* Bogus parameter */

         sprintf(p->errbuf,"Error: invalid size %d",size);

         return -1;

     }

 

     /* Allocate the buffer */

     new_buff=(unsigned char*)malloc(sizeof(char)*size);   //分配用户缓冲区的size

 

     if (!new_buff) {

         sprintf(p->errbuf,"Error: not enough memory");

         return -1;

     }

 

     free(p->buffer);

    

     p->buffer=new_buff;              //保存用户缓冲区的地址

     p->bufsize=size;                 //保存用户缓冲区的size

 

     /* Associate the buffer with the capture packet */

     PacketInitPacket(p->Packet,(BYTE*)p->buffer,p->bufsize);

 

     return 0;

}

PacketInitPacket为初始化p->packet结构，函数源码如下：

/*!

  \brief Initializes a _PACKET structure.

  \param lpPacket The structure to initialize.

  \param Buffer A pointer to a user-allocated buffer that will contain the captured data.

  \param Length the length of the buffer. This is the maximum buffer size that will be

   transferred from the driver to the application using a single read.

 

  \note the size of the buffer associated with the PACKET structure is a parameter that can sensibly

  influence the performance of the capture process, since this buffer will contain the packets received

  from the the driver. The driver is able to return several packets using a single read call

  (see the PacketReceivePacket() function for details), and the number of packets transferable to the

  application in a call is limited only by the size of the buffer associated with the PACKET structure

  passed to PacketReceivePacket(). Therefore setting a big buffer with PacketInitPacket can noticeably

  decrease the number of system calls, reducing the impcat of the capture process on the processor.

*/

 

VOID PacketInitPacket(LPPACKET lpPacket,PVOID Buffer,UINT Length)

 

{

     TRACE_ENTER("PacketInitPacket");

 

    lpPacket->Buffer = Buffer;

    lpPacket->Length = Length;

     lpPacket->ulBytesReceived = 0;   //初始化lpPacket结构

     lpPacket->bIoComplete = FALSE;

 

     TRACE_EXIT("PacketInitPacket");

}

p->packet结构在pcap_read_win32_npf里面使用，用来接收数据包。

static int

pcap_read_win32_npf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)

{

     int cc;

     int n = 0;

     register u_char *bp, *ep;

 

#ifdef HAVE_REMOTE

     static int samp_npkt;                // parameter needed for sampling, with '1 out of N' method has been requested

     static struct timeval samp_time; // parameter needed for sampling, with '1 every N ms' method has been requested

#endif   /* HAVE_REMOTE */

 

     cc = p->cc;

     if (p->cc == 0) {

         /*

          * Has "pcap_breakloop()" been called?

          */

         if (p->break_loop) {

              /*

               * Yes - clear the flag that indicates that it

               * has, and return -2 to indicate that we were

               * told to break out of the loop.

               */

              p->break_loop = 0;

              return (-2);

         }

 

         /* capture the packets */

         if(PacketReceivePacket(p->adapter,p->Packet,TRUE)==FALSE){

              snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error: PacketReceivePacket failed");

              return (-1);

         }

             

         cc = p->Packet->ulBytesReceived;

 

         bp = p->Packet->Buffer;

     }

     else

         bp = p->bp;

 

。。。。。。。。。。。。。。。。。。。。。

}

这篇关于庖丁解牛—winpcap源码彻底解密系列续集(9)的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---