My application is a monitoring application that monitors the incoming udp packet when ever required. When ever a particular source ip and port and dest ip and port is provided the filter will be framed based them. For eg,
Code:
char filterExpr[1024];
filterExpr = "udp and src host 192.168.16.100 and dst host 55.55.55.55 and src port 3248 and dst port 1234";
putenv("PCAP_SNAPLEN=1600");
putenv("PCAP_FRAMES=2048");
putenv("PCAP_TO_MS=200");
putenv("PCAP_PROMISC=-1");
putenv("PCAP_PROTO=ip");
pCapture = pcap_opn_live(..);
if(!pCapture)
{
return -1;
}
if(pcap_lookupnet(..)<0)
{
return -1;
}
if(pcap_compile(pCapture, &fcode, filterExpr, 0, netmask) < 0)
{
pcap_close(pCapture);
return -1;
}
if(pcap_setfilter(pCapture, &fcode))
{
pcap_close(pCapture);
return -1;
}
........
on timeout pcap_dispatch will be called to process the packets.
when the traffic is selected for unmonitoring pcap_close will be called and the capture pointer will be reset.
The above example works very well for udp traffic.
For vlan traffic when the same filter expression is changed to include vlan
Code:
filterExpr = "vlan 87 and udp and src host 192.168.16.100 and dst host 55.55.55.55 and src port 3248 and dst port 1234";
the pcap_dispatch works only for the very first time the traffic is selected for monitoring (ie., the very first time this filter is used.) the subsesquent times the pcap_dispactch hangs ie., after calling pcap_close once and then setting the filter again.
Any input would be of great help!
The libpcap version used is libpcap1.1.1.
Thanks in advance!
---------- Post updated at 06:15 PM ---------- Previous update was at 04:57 PM ----------
This is the sample program with which the above scenario can be simulated.
The below program first does the pcap_next for the given filter then after doing pcap_close and then does a pcap_loop.
This program works for filter "udp" and for "vlan and udp" it is only the first call for pcap_next works(ie, the hdr length gets printed) the subsequent call for pcap_loop does not work and it hangs in there..
Code:
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h>
/* just print a count every time we have a packet... */
void my_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char*
packet)
{
static int count = 1;
fprintf(stdout,"%d, ",count);
fflush(stdout);
count++;
}
int main(int argc,char **argv)
{
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */
struct bpf_program fp; /* hold compiled program */
bpf_u_int32 maskp; /* subnet mask */
bpf_u_int32 netp; /* ip */
if(argc != 2){ fprintf(stdout,"Usage: %s \"filter program\"\n"
,argv[0]);return 0;}
/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);
if(dev == NULL)
{ fprintf(stderr,"%s\n",errbuf); exit(1); }
dev = "eth1";
/* ask pcap for the network address and mask of the device */
pcap_lookupnet(dev,&netp,&maskp,errbuf);
/* open device for reading this time lets set it in promiscuous
* mode so we can monitor traffic to another machine */
descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf);
if(descr == NULL)
{ printf("pcap_open_live(): %s\n",errbuf); exit(1); }
/* Lets try and compile the program.. non-optimized */
if(pcap_compile(descr,&fp,argv[1],0,netp) == -1)
{ fprintf(stderr,"Error calling pcap_compile\n"); exit(1); }
/* set the compiled program as the filter */
if(pcap_setfilter(descr,&fp) == -1)
{ fprintf(stderr,"Error setting filter\n"); exit(1); }
pcap_next(descr, &hdr);
fprintf(stdout, "pkt length: %d\n", hdr.len);
pcap_close(descr);
pcap_freecode(&fp);
descr = NULL;
/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);
if(dev == NULL)
{ fprintf(stderr,"%s\n",errbuf); exit(1); }
dev = "eth1";
/* ask pcap for the network address and mask of the device */
pcap_lookupnet(dev,&netp,&maskp,errbuf);
/* open device for reading this time lets set it in promiscuous
* mode so we can monitor traffic to another machine */
descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf);
if(descr == NULL)
{ printf("pcap_open_live(): %s\n",errbuf); exit(1); }
/* Lets try and compile the program.. non-optimized */
if(pcap_compile(descr,&fp,argv[1],0,netp) == -1)
{ fprintf(stderr,"Error calling pcap_compile\n"); exit(1); }
/* set the compiled program as the filter */
if(pcap_setfilter(descr,&fp) == -1)
{ fprintf(stderr,"Error setting filter\n"); exit(1); }
/* ... and loop */
pcap_loop(descr,-1,my_callback,NULL);
return 0;
}
Moderator's Comments:
Please use [CODE] tags when posting source listings and the like.
Hi Folks,
I am currently moving systems to a new environment, with some changes to the network requirements on the systems.
One of these changes is moving from just standard IPMP to using IPMP on top of a VLAN, I have used VLAN tagging befor without issue - however not with IPMP.
What I... (2 Replies)
Hi Guys,
Our lpars is currently running on 2 different vlans (20, 30). Now we have a requirement that vlan 30 needs to be change to vlan 31 at the same subnet. I'm not sure on what is the best approach for this or what change is involve on the AIX side.
This is our setup.
Network switch -... (5 Replies)
Have 2 nics on physical system
net0 phys 1500 up --
net1 phys 1500 up --
1. I want to create a link aggregation with LACP enabled with above 2 nics
2. Create port-group(Like we create on ESXi) with VLAN-ID 2141
3. And assign this... (0 Replies)
We have two hosts in same vlan with same route rules.
One of them is not able to connect to an outside IP while in another I get "failed: Connection timed out" while testing the connectivity through netcat.
I have tried mtr /traceroute and it gives me the same results.
Is there a netcat... (1 Reply)
Hi,
Is it possible to VLAN tag with a ce interface on Solaris 9? Link speed is gb.
ce:0:ce0:link_speed 1000
I have a ce0 interface I would need to have access to another VLAN as well as the one it's currently on.
What commands would I need to run?
Thanks.;) (2 Replies)
Hello. I want to Communicate 2 VLAN with router like this solution:
http://8pic.ir/images/83m0ouih8mmm9s1sfl56.jpg
For this purpose I'm configuring 2 Linux system as a switch and connect 4 host to them. Then a router is added to scenario.
The configuration of the switches is:
On DUT1(Linux):... (1 Reply)
Hi all,
so server: FreeBSD 7.0 release,
interfaces on it DLINK DGE-528T with support of vlans :))
so first interface looks to LAN second to ISP.
I created vlan1 with id 1 and gave to it ip address and plug it in
tagged port of swith for vlan 1. so client from vlan1 reaches the server.
it... (2 Replies)
hi,
i tried to configure an VLAN interface on my SF280 based on the documentation on docs.sun.com
# ifconfig eri1000 plumb up
Oct 21 13:41:26 cmsmaster ip: ip_rput_dlpi(eri1000): DL_ERROR_ACK for DL_ATTACH_REQ(11), errno 8, unix 0
ifconfig: SIOCSLIFNAME for ip: eri1000: no such interface... (2 Replies)
08-17-2011
