Probably should move this to ntop-misc - the list for non-ntop and subsidiary stuff like pf_ring. -----Burton
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of mark lvy Sent: Friday, April 15, 2005 7:42 PM To: [email protected] Subject: [Ntop-dev] RING2.3.1 kernel crashes with a simple filter All, I copied & pasted a small code from tcpdump's website. After I linked it with the ring-enabled libpcap, it crashed with this short filter: "ip and ((dst net 192.168.83.183/32))" I am running RING2.3.1 with a Linux kernel 2.4.29. I have two interfaces. eth1 is my sniffing NIC. Any comments are highly appreciated! Here is the code: /*************************************************************************** ** * * * gcc -g -Wall -o crash crash_filters.c -L/usr/local/lib -lpcap * * -Suppose ring-enabled libpcap is installed at /usr/local/lib * * * * Usage: * * ./crash interface filter * * ex. crash eth1 "ip and ((dst net 192.168.83.183/32))" * * * * crashing test script: * * * * #!/bin/sh * * while (true) * * do * * ./crash eth1 "ip and ((dst net 192.168.83.183/32))" * * sleep 2 * * done * * * ***************************************************************************/ #include <pcap.h> #include <stdio.h> #include <stdlib.h> int main(int argc, char *argv[]) { pcap_t *handle; /* Session handle */ char *dev; /* The device to sniff on */ char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */ struct bpf_program filter; /* The compiled filter */ bpf_u_int32 mask; /* Our netmask */ bpf_u_int32 net; /* Our IP */ struct pcap_pkthdr header; /* The header that pcap gives us */ const u_char *packet; /* The actual packet */ /* Define the device */ dev = argv[1]; /* Find the properties for the device */ pcap_lookupnet(dev, &net, &mask, errbuf); /* Open the session in promiscuous mode */ handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf); /* Compile and apply the filter */ pcap_compile(handle, &filter, argv[2], 0, net); pcap_setfilter(handle, &filter); /* Grab a packet */ packet = pcap_next(handle, &header); /* Print its length */ printf("Jacked a packet with length of [%d]\n", header.len); exit(0); } __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
