Use Erlang NIF to snoop, capture packets. -

xumingyong

浏览: 182407 次
性别:
来自: 成都

最近访客更多访客>>

funing

room_bb

yangyi336

这就是全站唯一用户名

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

Use Erlang NIF to snoop, capture packets.

博客分类：

Erlang

Erlang Ubuntu GCC C C++

1. Overview

In Erlang/OTP R13B03, there is new feature called Native Implementation Function, Here I use NIF and libpcap library to have implemented a simple sniffer to real-time capturing packet from one interface.

简述：使用NIF实现简单的抓包程序。

2. Developing enviroment:

- Ubuntu 9.10: 2.6.31-14-generic

- gcc: 4.4.1

- libpcap.so.1.0.0

- Erlang/OTP R13B03

3. nif.erl

%%% nif sniffer

-module(nif).
-on_load(on_load/0).

-export([opendevice/1, capture/0, loop/1]).

on_load() ->
    ok = erlang:load_nif("./nif", 0),
    true.

opendevice(_Interface) ->
    error.

capture() ->
    error.

loop(0) ->
    ok;
loop(Count) ->
    Pkt = capture(),
    io:format("~p~n", [Pkt]),
    loop(Count-1).

4. nif.c

/* This file used to create a Erlang NIF which sniffer network packets. */

#include <erl_nif.h>
#include <stdio.h>
#include <pcap.h>
#include <string.h>
#include <ctype.h>


pcap_t *devHandler = NULL;

static int my_enif_get_string(ErlNifEnv *env, ERL_NIF_TERM list, char* buf)
{
    ERL_NIF_TERM cell, head, tail;
    int val;

    while (enif_get_list_cell(env, list, &head, &tail))
    {
        if (!enif_get_int(env, head, &val)) return 1;
        *buf = (char)val;
        buf++;
        list = tail;
    }
    *buf = '\0';
    return 0;
}


static ERL_NIF_TERM opendevice(ErlNifEnv* env, ERL_NIF_TERM device)
{
    char dev[64];
    char errbuf[PCAP_ERRBUF_SIZE];

    memset(errbuf, 0, PCAP_ERRBUF_SIZE);

    my_enif_get_string(env, device, dev);
    /* return enif_make_string(env, dev); */

    /* Parms: dev,snaplen,promisc,timeout_ms,errbuf
     * Notes: if timeout_ms is set by non-zero, system give "segment fault" error ?
     * to_ms=0 means wait enough packet to arrive.
     */
    devHandler = pcap_open_live(dev, 65535, 1, 0, errbuf);
    if(devHandler != NULL)
        return enif_make_string(env, "ok");
    else
        return enif_make_string(env, errbuf);
}


static ERL_NIF_TERM capture(ErlNifEnv* env)
{
    int i;
    struct pcap_pkthdr pkthdr;
    const u_char *packet = NULL;
    ErlNifBinary bin;

    packet = pcap_next(devHandler, &pkthdr);
    if(packet != NULL)
    {
        enif_alloc_binary(env, pkthdr.len, &bin);
        for(i = 0; i < pkthdr.len; i++)
        {
            bin.data[i] = packet[i];
        }
    }
    else
    {
        bin.size = sizeof("NULL");
        bin.data = "NULL";
    }
    return enif_make_binary(env, &bin);
}


static ErlNifFunc nif_funcs[] =
{
    {"capture", 0, capture},
    {"opendevice", 1, opendevice}
};

ERL_NIF_INIT(nif,nif_funcs,NULL,NULL,NULL,NULL)

5. 编译nif.c程序

gcc -fPIC -shared -o nif.so nif.c /usr/lib/libpcap.so -I/usr/local/lib/erlang/usr/include/

6. 开始测试

xumingyong@ubuntu:~/workspace/sniffer_nif$ sudo erl
Erlang R13B03 (erts-5.7.4) [source] [smp:2:2] [rq:2] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.7.4  (abort with ^G)
1> c(nif).
{ok,nif}
2> nif:opendevice("eth0").
"ok"
3> nif:loop(5).
<<255,255,255,255,255,255,0,12,41,66,42,16,8,6,0,1,8,0,6,4,0,1,0,12,41,66,42,16,192,168,0,200,0,0,0,0,0,0,192,168,0,1>>
<<0,12,41,66,42,16,0,80,86,192,0,1,8,6,0,1,8,0,6,4,0,2,0,80,86,192,0,1,192,168,0,1,0,12,41,66,42,16,192,168,0,200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0>>
<<0,80,86,192,0,1,0,12,41,66,42,16,8,0,69,0,0,84,0,0,64,0,64,1,184,143,192,168,0,200,192,168,0,1,8,0,68,170,146,13,0,1,86,157,102,75,108,91,13,0,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55>>
<<0,12,41,66,42,16,0,80,86,192,0,1,8,0,69,0,0,84,178,130,64,0,128,1,198,12,192,168,0,1,192,168,0,200,0,0,76,170,146,13,0,1,86,157,102,75,108,91,13,0,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55>>
<<0,80,86,192,0,1,0,12,41,66,42,16,8,0,69,0,0,84,0,0,64,0,64,1,184,143,192,168,0,200,192,168,0,1,8,0,121,143,146,13,0,2,87,157,102,75,54,117,13,0,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55>>
ok
4>

7. 注意

- Must be root user when start "erl" command, or you cannot open the network adapter interface.

- The output of "nif:loop(5)" command is 5 ARP packet, 1st is broadcast, 2nd is request, 3rd is reply, 4th is request, 5th is reply.

- Because the erlang/OTP NIF is experimental, the new erlang/OTP may be incompatible with this version, please check the newest online documentation.

0
顶

0
踩

分享到：

Use Erlang NIF to snoop, capture packets ... | New features of NIF in Erlang/OTP R13B04

2010-02-01 17:43
浏览 2565
评论(1)
分类:编程语言
查看更多

1 楼 mryufeng 2010-02-25

很有创意哦...

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

Use Erlang NIF to snoop, capture packets.

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

Use Erlang NIF to snoop, capture packets.

评论

发表评论

相关推荐

又一本ERLANG书：Erlang and OTP in Action

Use Erlang NIF to snoop, capture packets(in Windows XP), in OTP-R13B04

使用一个Makefile文件同时编译dll和beam文件

Use Erlang NIF to snoop, capture packets(in Windows XP)

New features of NIF in Erlang/OTP R13B04

Another erlang nif test

转载：UBUNTU下安装Erlang的两种方法

在SOLARIS x86下编译安装ERLANG的另一种方法（失败）

在SOLARIS x86下成功编译安装ERLANG

ERLANG编辑环境IDE配置

Erlang文件I/O性能测评

erlang网络编程的几个性能调优和注意点

用Erlang实现领域特定语言

ERLANG mnesia:create_table/2问题

ERLANG的OS_MON应用程序

erlang/OTP for TCP资源

ERLANG网上的资源

erlang:split_binary(Bin, N)的BUG

当你net_adm:ping(Node)的时候发生了什么？流程复杂 但是对理解dist工作原理至关重

erlang的crash_core_dump解读

最近访客更多访客>>

当你net_adm:ping(Node)的时候发生了什么？流程复杂但是对理解dist工作原理至关重