On Thu, Mar 07, 2002 at 08:18:59AM +0200, NetDevel wrote:
> I have a problem in developing application with WinPcap 2.2 (Visual C++ 6.0)
> I want to set a pcap filter on the open capture device but get fail.
> This is my code example (I use a dymamic loading wpcap.dll and packet.dll):
>
> -----------------------------
> pcap_t *fp;
> struct bpf_program fcode;
> char *filter="icmp";
> char *device="\Device\Packet_{D0B74528-2480-47DC-85FC-0C3E82F5438C}";
> int r;
>
> fp=(*pfnpcapopenlive)(device,500,TRUE,4,error);
> r=(*pfnpcapcompile)(fp,&fcode,filter,0,0xffffff);
> r=(*pfnpcapsetfilter)(fp,&fcode);
>
> -----------------------------
>
> After that, pcap_loop leads to exception.
> I've got fcode structure filled by zeros in debugger. What's wrong?
Well, there are two things wrong with the code as presented there:
1) you're not checking for errors - you're not checking whether
"fp" is null (and reporting the error in "error" if it is),
you're not checking whether "r" is -1 after the call to
"pcap_compile()" (and reporting the error returned by
"pcap_geterr()" if it is), and you're not checking whether
"r" is -1 after the call to "pcap_setfilter()" (and reporting
the error returned by "pcap_geterr()" if it is);
2) the string pointed to by "device" doesn't have double
backslashes in it - the string should be
char *device="\\Device\\Packet_{D0B74528-2480-47DC-85FC-0C3E82F5438C}";
if you want the string to contain the characters
\\Device\\Packet_{D0B74528-2480-47DC-85FC-0C3E82F5438C}
because in C character string constants, a backslash causes
the next character (or next few characters, for octal or
hexadecimal escapes) to be interpreted specially.
The single backslashes would cause the "pcap_open_live()" call to fail,
so that "fp" would be null; as the code isn't checking for errors, it
wouldn't report the problem, but would just go on to compile
"pcap_compile()", "pcap_setfilter()", and "pcap_loop()".
The call to "pcap_compile()" would probably either fail or get an
exception, as would the call to "pcap_setfilter()", due to a null
"pcap_t *" being passed to them, and the "pcap_loop()" call, it appears,
got an exception due to the null pointer you presumably passed to it.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
