LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (https://www.linuxquestions.org/questions/programming-9/)
-   -   Kernel Filter Failed error while compiling packet capturing code on FC2 (https://www.linuxquestions.org/questions/programming-9/kernel-filter-failed-error-while-compiling-packet-capturing-code-on-fc2-279626/)

Prakhardeep 01-19-2005 04:10 AM

Error while compiling packet capturing code on FC2
 
Hi,
I wrote a packet sniffer on RH 9 using pcap library a year ago. Now i installed FC2 and tried to run the code there and i get this error:

Warning: Kernel filter failed: Invalid argument

when i run the program.

The program is as follows:

int main(int count, char *cmdln[])
{

pcap_t *devdes;
struct bpf_program fp;
bpf_u_int32 mask,netip;
char errbuf[PCAP_ERRBUF_SIZE];
int buffer;
int n;
int packet_captured;

if(count==1)
{
printf("Arguments Required!!");
printf("\nUsage: ./filtercapn [expression] [n]\n");
exit(0);
}


if(count==2)
n=-1; //This will put the capturing into infinite loop
else
n=atoi(cmdln[2]);

//Open device for reading
devdes=pcap_open_live("eth0",buffer,1,-1,errbuf);

if(devdes==NULL)
{
printf("\npcap_open_live(): %s\n",errbuf);
exit(0);
}

//Get the network IP address and the network mask.
pcap_lookupnet("eth0",&netip,&mask,errbuf);

//Compile the packet condition into filter program
pcap_compile(devdes,&fp,cmdln[1],0,netip);

//Set the filter program
pcap_setfilter(devdes,&fp);

//Send each packet captured according to the filter to the packet_analyser()
pcap_loop(devdes,n,(pcap_handler)packet_analyser,NULL);

return 0;
}

The error is comming in the pcap_filter() function as the kernel is not able to set the filter and gives the invalid filter error but the same filter string works fine with tcpdump.

Please help me out,

Rest is fine,

Thanks!!

arunns 08-02-2011 07:00 AM

Have you got any fix for this :)

Wim Sturkenboom 08-02-2011 10:32 AM

Do you really have to wake up a 6 year old thread :confused:

arunns 08-10-2011 04:55 AM

I have similar issue with a Redhat system kernel, was wondering whether i should have a custom kernel to fix it ;)


All times are GMT -5. The time now is 12:08 AM.