通过ctypes使用pcap的python分段错误

2024-06-09 22:25:16 发布

您现在位置:Python中文网/ 问答频道 /正文
2124 3

我使用libpcap通过ctypes将我的嗅探器从C移植到Python。下面是python代码:

import ctypes, sys
from ctypes.util import find_library

if sys.platform == "darwin":
    _pcap = ctypes.cdll.LoadLibrary(find_library("libpcap"))
elif sys.platform == "linux2":
    _pcap = ctypes.cdll.LoadLibrary("libpcap.so")

errbuf = ctypes.create_string_buffer(256)

pcap_lookupdev = _pcap.pcap_lookupdev
pcap_lookupdev.restype = ctypes.c_char_p
dev = pcap_lookupdev(errbuf)
print dev

# create handler
pcap_create = _pcap.pcap_create
handle = pcap_create(dev, errbuf)
print handle
if not handle:
    print "failed creating handler:",errbuf
    exit()

# monitor mode
pcap_can_set_rfmon = _pcap.pcap_can_set_rfmon
print "can rfmon:",pcap_can_set_rfmon(handle)

在Linux上它工作得非常好,但是在macosx上,当我使用handle时,它会遇到一个分段错误。handle even的值有时为负,有时为正。我已经尝试过将pcap_create的返回类型改为unsigned int,但这没用,但我认为它在OSX下返回了错误的类型。。。在

我用C语言在两个系统上都做了printf("size of pcap_t: %zu\n", sizeof(pcap_t *));,以获得pcap_t handler类型的大小。在Linux上是4,在OS X 8上是4。但我不知道从现在开始我不知道该怎么做。。。在

还是我走错了路?有人有主意吗?在


Tags: dev类型createsyspcapctypescanhandler
2条回答
网友
1楼 · 编辑于 2024-06-09 22:25:16

我真的很想来这里发帖,因为我在OSX上也有这个问题。我在你的代码中发现的问题是:

handle = pcap_create(dev, errbuf)

您需要设置restype,下面是我的示例,因为这可能会对您中的一些人有所帮助:https://github.com/killswitch-GUI/NIX-Sniffer-Examples

    import ctypes
    import threading
    import sys
    import os
    import errno


    OSX_PCAP_DYLIB = '/usr/lib/libpcap.A.dylib'
    OSX_LIBC_DYLIB = '/usr/lib/libSystem.B.dylib'
    PCAP_ERRBUF_SIZE = 256
    packet_count_limit = ctypes.c_int(1)
    timeout_limit = ctypes.c_int(1000) # In milliseconds 
    err_buf = ctypes.create_string_buffer(PCAP_ERRBUF_SIZE)

    class bpf_program(ctypes.Structure):
        _fields_ = [("bf_len", ctypes.c_int),("bf_insns", ctypes.c_void_p)]

    class pcap_pkthdr(ctypes.Structure):
        _fields_ = [("tv_sec", ctypes.c_long), ("tv_usec", ctypes.c_long), ("caplen", ctypes.c_uint), ("len", ctypes.c_uint)]

    class pcap_stat(ctypes.Structure):
        _fields_ = [("ps_recv",ctypes.c_uint), ("ps_drop",ctypes.c_uint), ("ps_ifdrop", ctypes.c_int)]

    def pkthandler(pkthdr,packet):
        print("In callback:")
        print("pkthdr[0:7]:",pkthdr.contents.len)
        print(pkthdr.contents.tv_sec,pkthdr.contents.caplen,pkthdr.contents.len)
        print(packet.contents[:10])
        print()

    print "                     -"
    libc = ctypes.CDLL(OSX_LIBC_DYLIB, use_errno=True)
    if not libc:
        print "Error loading C libary: %s" % errno.errorcode[ctypes.get_errno()]
    print "* C runtime libary loaded: %s" % OSX_LIBC_DYLIB
    pcap = ctypes.CDLL(OSX_PCAP_DYLIB, use_errno=True)
    if not pcap:
        print "Error loading C libary: %s" % errno.errorcode[ctypes.get_errno()]
    print "* C runtime libary loaded: %s" % OSX_PCAP_DYLIB
    print "* C runtime handle at: %s" % pcap

    print "                     -"
    pcap_lookupdev = pcap.pcap_lookupdev
    pcap_lookupdev.restype = ctypes.c_char_p
    dev = pcap.pcap_lookupdev()
    print "* Device handle at: %s" % dev

    net = ctypes.c_uint()
    mask = ctypes.c_uint()
    pcap.pcap_lookupnet(dev,ctypes.byref(net),ctypes.byref(mask),err_buf)
    print "* Device IP to bind: %s" % net
    print "* Device net mask: %s" % mask

    #pcap_t *pcap_open_live(const char *device, int snaplen,int promisc, int to_ms, char *errbuf)
    pcap_open_live = pcap.pcap_open_live
    pcap_open_live.restype = ctypes.POINTER(ctypes.c_void_p)
    pcap_create = pcap.pcap_create
    pcap_create.restype = ctypes.c_void_p
    #pcap_handle = pcap.pcap_create(dev, err_buf)
    pcap_handle = pcap.pcap_open_live(dev, 1024, packet_count_limit, timeout_limit, err_buf)
    print "* Live capture device handle at: %s" % pcap_handle 

    pcap_can_set_rfmon = pcap.pcap_can_set_rfmon
    pcap_can_set_rfmon.argtypes = [ctypes.c_void_p]
    if (pcap_can_set_rfmon(pcap_handle) == 1):
        print "* Can set interface in monitor mode"

    pcap_pkthdr_p = ctypes.POINTER(pcap_pkthdr)()
    packetdata = ctypes.POINTER(ctypes.c_ubyte*65536)()
    #print pcap.pcap_next(pcap_handle,ctypes.byref(pcap_pkthdr_p))

    if (pcap.pcap_next_ex(pcap_handle, ctypes.byref(pcap_pkthdr_p), ctypes.byref(packetdata)) == 1):
        print "* Packet captured!"
        pkthandler(pcap_pkthdr_p,packetdata)
网友
2楼 · 编辑于 2024-06-09 22:25:16

数据类型很重要。在

您需要告诉ctypes,pcap_create()的返回值是一个指针,并且您需要告诉它pcap_can_set_rfmon()的参数是一个指针。在

你这样做

# create handler
pcap_create = _pcap.pcap_create
pcap_create.restype = ctypes.c_void_p
handle = pcap_create(dev, errbuf)
print handle
if not handle:
    print "failed creating handler:",errbuf
    exit()

# monitor mode
pcap_can_set_rfmon = _pcap.pcap_can_set_rfmon
pcap_can_set_rfmon.argtypes = [ctypes.c_void_p]
print "can rfmon:",pcap_can_set_rfmon(handle)

^{pr2}$

以及

pcap_can_set_rfmon.argtypes = [ctypes.c_void_p]

这里需要行。此代码将同时使用32位和64位指针,因此您可以在32位和64位Linux、32位和64位OS X(以及32位和64位Solaris、32位和64位FreeBSD和…)上使用它,只要对代码进行任何更改就可以加载库-在大多数Un*xes上,共享库的名称都以“.so”结尾,因此,如果您不想在其他Un*xes上使用find_library,那么Linux代码就足够了)。在

相关问题 更多 >

    编程相关推荐