0

I'm using eBPF and BCC to print out IP addresses of the packets I'm receiving.

For the kernel, I've programmed a code to print out from ip_t -> dst; which I assume it's an address of the destination.

For the user space, I've programmed a code to print out the user address from the bytecode.

I've checked many times with other variables to see if my program shows me the correct values of data stored within the packet header and it all worked well except for the addresses.

So, for the user level I get : destination ip address = 203.237.53.121

which is the static IP address I have given to the server.

However, when I print out ip_t -> dst, I get : 3421320703

I don't understand why they would have different out puts.

I'm trying to ultimately build a program which I can just aim to get packets only from a specific sender IP address and etc.

It would be great if anyone could help me out.

Thanks :)

Qeole
  • 8,284
  • 1
  • 24
  • 52
Rosè
  • 345
  • 2
  • 13
  • 1
    So the address you get from user space is `203.237.53.255`. It looks like a broadcast address, could it be that the packets you're examining are broadcast on the network? In that case, could it be that the address is reverted to a unicast address at some point before reaching your user program? – Qeole Jun 18 '19 at 08:29
  • Thanks for your kind reply. I will have to ccheck if that is the case. Thank you so much! – Rosè Jun 19 '19 at 11:46

0 Answers0