0

A same program can be run successfully on Opensuse 12.1 (x64) While can't be run on Fedora 16 (x64) on Fedora 16 , it displayed "Err calling pcap_compile" I don't know what difference between these OS, I think they are quite same, But I make sure Opensuse 12.1 can filter and capture packet successfully.

int init_capture() {
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */
struct bpf_program fp;
char portfilter[20]= "dst port 1521";
bpf_u_int32 maskp;
bpf_u_int32 netp;
/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
    printf("%s\n", errbuf);
    exit(1);
}
pcap_lookupnet(dev,&netp,&maskp,errbuf);
/* open device for reading */
descr = pcap_open_live(dev, BUFSIZ, 0, -1, errbuf);
if (descr == NULL) {
    printf("pcap_open_live(): %s\n", errbuf);
    exit(1);
}
if (pcap_compile(descr,&fp,portfilter,0,netp) == -1)
{
    printf("Err calling pcap_compile\n");
    exit(1);
}
if (pcap_setfilter(descr,&fp) == -1)
{
    printf("Err setting filter \n");
    exit(1);
}

/* allright here we call pcap_loop(..) and pass in our callback function */
/* int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)*/
/* If you are wondering what the user argument is all about, so am I!!   */
pcap_loop(descr, -1, capture_callback, NULL);

fprintf(stdout, "\nDone processing packets... wheew!\n");
return 0;

}

user1111073
  • 39
  • 1
  • 3
  • 10

1 Answers1

0

If pcap_compile() fails, you should do

printf("Err calling pcap_compile: %s\n", pcap_geterr(descr));

and see what problem it's reporting. That might help us determine what's going wrong on Fedora; without knowing what the failure is, it's hard to determine what how to fix it - the filter is one that should work on any link-layer type that supports IP, and pcap_lookupdev() should always return such a device.

However, pcap_lookupnet() could conceivably fail if, for example, you're opening a device that has no IPv4 address assigned to it. If it fails, you should probably just pass 0 as both netp and maskp - you might just initialize them to 0 before calling pcap_lookupnet(). That shouldn't make a difference, however - the net and mask shouldn't be required for a filter such as dst port 1521.

(BTW, -1 is not a valid timeout argument to pcap_open_live() - I'd use 1000 instead - but that might be OK on Linux; the open would fail if it weren't valid, but the open isn't failing for you, as it's reporting an error in pcap_compile().)