pcap_t

认识pcap_t

实例

// Debugger-style dump of one pcap_t handle (libpcap's struct pcap), annotated field by field.
// The values are a snapshot of a single process: the pointer values (0x...) are only
// meaningful inside that process. The handle refers to device "eth0" (md.device below).
handle = {
  fd = 7,        // file descriptor held by this handle
  snapshot = 8192,  // maximum number of bytes that can be received per packet (snapshot length)
  linktype = 1,    // link-layer type; 1 is LINKTYPE_ETHERNET
  tzoff = 0,    /* timezone offset */
  offset = 2,      /* offset for proper alignment */
  sf = {    // struct pcap_sf sf; "sf" stands for savefile
    rfile = 0x0,  // FILE *; NULL in this dump, so no savefile stream is attached
    swapped = 0,  // presumably set when a savefile's byte order differs from the host -- confirm in pcap-int.h
    version_major = 0,  // presumably the savefile format version (major) -- confirm
    version_minor = 0,  // presumably the savefile format version (minor) -- confirm
    base = 0x0  // pointer, NULL here; purpose not shown in this dump
  },
  md = {   // struct pcap_md md; the author glosses "md" as "more detail" -- NOTE(review): expansion not confirmed here
    stat = { //  struct pcap_stat stat; the counters returned by pcap_stats()
      ps_recv = 0,  /* number of packets received */
      ps_drop = 0, /* number of packets dropped */
      ps_ifdrop = 0 /* drops by interface XXX not yet supported -- so a 0 here does not show that the interface dropped nothing */
    },
    use_bpf = 0,  // flag, 0 here; NOTE(review): name suggests "BPF in use" -- confirm in pcap-int.h
    TotPkts = 0,  /* can't oflow for 79 hrs on ether */
    TotAccepted = 0,  /* count accepted by filter */
    TotDrops = 0,      /* count of dropped packets */
    TotMissed = 0,    /* missed by i/f during this run */
    OrigMissed = 0,  /* missed by i/f before this run */
    pad = 0,
    skip = 0,
    device = 0x80627a8 "eth0" // name of the device this handle uses
  },
  bufsize = 1564,   // size of the read buffer in bytes; note it is smaller than snapshot (8192) in this dump
  buffer = 0x8062180 "",  // address of the read buffer (shown as an empty string, i.e. first byte is NUL)
  bp = 0x0,  // pointer into the buffer; NULL here
  cc = 0,  // author's guess: "capture counter"; NOTE(review): possibly the count of unread bytes left in buffer -- verify against the read routine
  pkt = 0x0,     //  Place holder for pcap_next().
  fcode = {   // Placeholder for filter code if bpf not in kernel.
    bf_len = 0,  // number of filter instructions; 0 means no filter program is stored in this handle
    bf_insns = 0x0 // array of filter instructions; NULL here
  },
  errbuf = '00' <repeats 255 times> // error message buffer; all NUL here, i.e. no error text recorded. NOTE(review): a debugger would normally print '\000' -- the backslash appears lost in extraction
}

原文地址:https://www.cnblogs.com/kwingmei/p/3622224.html