[Ntop-dev] RING2.3.1 kernel crashes with a simple filter

Fri, 15 Apr 2005 17:42:02 -0700 

All,

I copied & pasted a small code from tcpdump's website.
After I linked it with the ring-enabled libpcap, it
crashed
with this short filter:

"ip and ((dst net 192.168.83.183/32))"

I am running RING2.3.1 with a Linux kernel 2.4.29.
I have two interfaces. eth1 is my sniffing NIC.

Any comments are highly appreciated!

Here is the code:

/*****************************************************************************
 *                                                    
                                         *
 * gcc -g -Wall -o crash crash_filters.c
-L/usr/local/lib -lpcap           *
 *  -Suppose ring-enabled libpcap is installed at
/usr/local/lib          *
 *                                                    
                                         *
 * Usage:                                             
                                     *
 *       ./crash interface filter                     
                                   *
 *       ex. crash eth1 "ip and ((dst net
192.168.83.183/32))"           *
 *                                                    
                                         *
 * crashing test script:                              
                                 *
 *                                                    
                                        *
 *             #!/bin/sh                              
                                     *
 *             while (true)                           
                                    *
 *             do                                     
                                      *
 *             ./crash eth1 "ip and ((dst net
192.168.83.183/32))"       *
 *             sleep 2                                
                                   *
 *             done                                   
                                    *
 *                                                    
                                        *

***************************************************************************/

#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    pcap_t             *handle;                       
       /* Session handle */
    char               *dev;                          
           /* The device to sniff on */
    char               errbuf[PCAP_ERRBUF_SIZE]; /*
Error string */
    struct bpf_program filter;                        
     /* The compiled filter */
    bpf_u_int32        mask;                          
   /* Our netmask */
    bpf_u_int32        net;                           
     /* Our IP */
    struct pcap_pkthdr header;                       
/* The header that pcap gives us */
    const u_char       *packet;                       
 /* The actual packet */

    /* Define the device */
    dev = argv[1];

    /* Find the properties for the device */
    pcap_lookupnet(dev, &net, &mask, errbuf);

    /* Open the session in promiscuous mode */
    handle = pcap_open_live(dev, BUFSIZ, 1, 0,
errbuf);

    /* Compile and apply the filter */
    pcap_compile(handle, &filter, argv[2], 0, net);
    pcap_setfilter(handle, &filter);
   
    /* Grab a packet */
    packet = pcap_next(handle, &header);
   
    /* Print its length */
    printf("Jacked a packet with length of [%d]\n",
header.len);

    exit(0);
}




                
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev

Reply via email to