Error while compiling packet capturing code on FC2
Hi,
I wrote a packet sniffer on RH 9 using pcap library a year ago. Now i installed FC2 and tried to run the code there and i get this error: Warning: Kernel filter failed: Invalid argument when i run the program. The program is as follows: int main(int count, char *cmdln[]) { pcap_t *devdes; struct bpf_program fp; bpf_u_int32 mask,netip; char errbuf[PCAP_ERRBUF_SIZE]; int buffer; int n; int packet_captured; if(count==1) { printf("Arguments Required!!"); printf("\nUsage: ./filtercapn [expression] [n]\n"); exit(0); } if(count==2) n=-1; //This will put the capturing into infinite loop else n=atoi(cmdln[2]); //Open device for reading devdes=pcap_open_live("eth0",buffer,1,-1,errbuf); if(devdes==NULL) { printf("\npcap_open_live(): %s\n",errbuf); exit(0); } //Get the network IP address and the network mask. pcap_lookupnet("eth0",&netip,&mask,errbuf); //Compile the packet condition into filter program pcap_compile(devdes,&fp,cmdln[1],0,netip); //Set the filter program pcap_setfilter(devdes,&fp); //Send each packet captured according to the filter to the packet_analyser() pcap_loop(devdes,n,(pcap_handler)packet_analyser,NULL); return 0; } The error is comming in the pcap_filter() function as the kernel is not able to set the filter and gives the invalid filter error but the same filter string works fine with tcpdump. Please help me out, Rest is fine, Thanks!! |
Have you got any fix for this :)
|
Do you really have to wake up a 6 year old thread :confused:
|
I have similar issue with a Redhat system kernel, was wondering whether i should have a custom kernel to fix it ;)
|
All times are GMT -5. The time now is 12:08 AM. |