Hi
It seems that the current CVS version of pcap-linux.c does not support a kernel
filter. I've tried to modify the source code like this in
pcap_setfilter_linux() to set a kernel filter, but it does not work
correctly.
------------------------------------------------------
    /* Make our private copy of the filter */
    if (install_bpf_program(handle, filter) < 0)
        /* install_bpf_program() filled in errbuf */
        return -1;
/*#ifdef HAVE_PF_RING
    return(0);
#endif
*/
------------------------------------------------------
I read that we can set a kernel filter with setsockopt(), implemented in
ring_setsockopt in ring_packet.c, but why can't I do so?
Can anyone tell me the reason?
----- Original Message -----
From: "Michael Stiller" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, January 30, 2007 7:33 PM
Subject: Re: [Ntop-misc] tcpdump w/ pfring
> Hi!
>
> The included patch to pcap-linux.c of the libpcap library fixes this
> issue. It's a patch for the pf_ring supplied version of libpcap/pcap-
> linux.c of course.
> If it doesn't work for you, make sure you rebuild tcpdump if
> the libs are statically linked.
>
> Cheers,
>
> -Michael
>
> --- pcap-linux.c.ring 2007-01-30 11:53:58.000000000 +0100
> +++ pcap-linux.c 2007-01-30 12:01:39.000000000 +0100
> @@ -483,6 +483,15 @@
> #ifdef HAVE_PF_RING
> if(handle->ring) {
> retry:
> + if (handle->break_loop) {
> + /*
> + * Yes - clear the flag that indicates that it
> + * has, and return -2 as an indication that we
> + * were told to break out of the loop.
> + */
> + handle->break_loop = 0;
> + return -2;
> + }
> packet_len = pfring_recv(handle->ring, (char*)handle->buffer,
> handle->bufsize,
> (struct pfring_pkthdr*)&pcap_header,
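Review bot: the break_loop test sits only at the retry: label, ahead of pfring_recv(), so a break request raised while pfring_recv() is waiting for a packet is acted on only after that call returns and control reaches retry: again. If the arguments cut off after &pcap_header make the call wait, bound that wait or re-check the flag after the call returns so the break is honoured promptly. The added comment also opens with "Yes - clear the flag that indicates that it has", which answers a question that is not in this hunk; put a line above it asking whether a break out of the loop has been requested, so the block reads on its own.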
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc