Tcpdump: libpcap call chains on Linux (opening the capture socket, then receiving packets)




pcap_create
-->pcap_create_interface
-->handle->activate_op = pcap_activate_linux;


pcap_activate
-->status = p->activate_op(p);   <--> pcap_activate_linux
-->status = activate_new(handle);
-->socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));   /* packet socket: creating it requires CAP_NET_RAW; ETH_P_ALL asks for frames of every protocol */
------------- user space (libpcap) above, kernel (af_packet) below -------------
-->packet_create
-->register_prot_hook
-->dev_add_pack
-->ptype_head
-->list_add_rcu(&pt->list, head);

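Received packets (the chain follows a packet from the kernel up to tcpdump: deliver_skb through sk_wake_async is listed caller to callee; from wait_for_more_packets onward the listing runs from the innermost kernel function outward to its callers, ending at pcap_loop in user space):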




deliver_skb
-->pt_prev->func(skb, skb->dev, pt_prev, orig_dev);  <--> packet_rcv || packet_rcv_spkt
-->__skb_queue_tail(&sk->sk_receive_queue, skb);
-->sk->sk_data_ready(sk);   <--> sock_def_readable
-->sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
-->wait_for_more_packets
-->skb_queue_walk
-->__skb_recv_datagram
-->skb_recv_datagram
-->packet_recvmsg
-->sock->ops->recvmsg
-->sock_recvmsg_nosec
-->sock_recvmsg
-->SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
        unsigned int, flags, struct sockaddr __user *, addr,
        int __user *, addr_len)
-->INLINE_SYSCALL (recvfrom, 6, fd, buf, n, flags, NULL, NULL);
-->recvfrom
-->pcap_read_packet
-->pcap_read_linux
-->n = p->read_op(p, cnt, callback, user);
-->pcap_loop

posted @ 2018-04-19 17:04  johnson.c