Search code examples
csocketsnetwork-programminglibpcappf-ring

pf_ring and libpcap if_index not returning

I have recently been getting involved with having to utilize pf_ring / libpcap. I have never developed with libpcap or pf_ring so please forgive what might appear to be a silly question, as network programming is semi new to me... In broad terms what I am trying to do is access the if_index for packets received. I currently have a simple raw packet sniffer created with "C" utilizing pf_ring as shown below:

#include <pcap.h>
#include <pfring.h>
#include <string.h>
#include <stdlib.h>

#define MAXBYTES2CAPTURE 2048


void processRingPacket(const struct pfring_pkthdr* pkthdr, const u_char* packet, const u_char *arg)
{
        int i=0, *counter = (int*)arg;

        printf("Packet Count: %d ", ++(*counter));
        printf("Received Packet Size: %d ", pkthdr->len);
        printf("ifIndex: %d ", pkthdr->extended_hdr.if_index);
        printf("Payload:\n");

        for(i=0; i < pkthdr->len; i++)
        {
            if(isprint(packet[i]))
            {
                    printf("%c ", packet[i]);
            }

            else
            {
                    printf(". ");
            }

            if((i % 16 == 0) && (i != 0) || (i == pkthdr->len-1))
            {
                    printf("\n");
            }
    }

    return;

}

int main()
{
    int count = 0;
    char *device = "eth0";  

    printf("Opening Device: %s\n", device); 

    pfring* ring = pfring_open(device, MAXBYTES2CAPTURE, 0);
    pfring_enable_ring(ring);

    pfring_loop(ring, processRingPacket, (u_char*)&count, 1);   

    return 0;
}

Looking at the pfring_pkthdr struct within the pf_ring API, I should be able to do the following:

pkthdr->extended_hdr.if_index

However, when I try to print out the index it just prints 0. I am guessing the if_index is not actually being set, as when I actually call the pf_ring function to get the device if index, I actually receive a value for the specified device:

pfring_get_device_ifindex (pfring *ring, char *device_name, int *if_index)

The problem is I am trying to view the if_index for each packet, hence within the call back function "processRingPacket" there is no way to generically specify the device. I say generically here because there will be two interfaces capturing packets. Any ideas on what my rookie mistake might be?

Solution

  • I think you need to pass in PF_RING_LONG_HEADER as a flag to pfring_open(). So it becomes, pfring_open(device, MAXBYTES2CAPTURE, PF_RING_LONG_HEADER);