Problem in transferring packet capturing code fron RH9 to FC2
Hi,
I wrote a packet sniffer on RH 9 using pcap library a year ago. Now i installed FC2 and tried to run the code there and i get this error:
Warning: Kernel filter failed: Invalid argument
when i run the program.
The program is as follows:
int main(int count, char *cmdln[])
{
pcap_t *devdes;
struct bpf_program fp;
bpf_u_int32 mask,netip;
char errbuf[PCAP_ERRBUF_SIZE];
int buffer;
int n;
int packet_captured;
if(count==1)
{
printf("Arguments Required!!");
printf("\nUsage: ./filtercapn [expression] [n]\n");
exit(0);
}
if(count==2)
n=-1; //This will put the capturing into infinite loop
else
n=atoi(cmdln[2]);
//Open device for reading
devdes=pcap_open_live("eth0",buffer,1,-1,errbuf);
if(devdes==NULL)
{
printf("\npcap_open_live(): %s\n",errbuf);
exit(0);
}
//Get the network IP address and the network mask.
pcap_lookupnet("eth0",&netip,&mask,errbuf);
//Compile the packet condition into filter program
pcap_compile(devdes,&fp,cmdln[1],0,netip);
//Set the filter program
pcap_setfilter(devdes,&fp);
//Send each packet captured according to the filter to the packet_analyser()
pcap_loop(devdes,n,(pcap_handler)packet_analyser,NULL);
return 0;
}
The error is comming in the pcap_filter() function as the kernel is not able to set the filter and gives the invalid filter error but the same filter string works fine with tcpdump.
Please help me out,
Rest is fine,
Thanks!!
|