Wireshark mailing list archives

Is this a Bug? PCAP can't deal with ipv4&ipv6 hybrid data?


From: homeryan <homeryan () live cn>
Date: Fri, 30 Dec 2011 14:30:17 +0800

    I am processing a hybrid pcap file using libpcap and a filter expression. The pcap file is a hybrid of IPv4 & IPv6 
packets. The code fragment is as follows:
/*----------------------------------------------------------------------------*/
    pcap_t * fp;
    string pcapfilename = "g00.pcap";
    string pcap_filter = "tcp dst port 80";
    // declarations the fragment relies on
    char errbuf[PCAP_ERRBUF_SIZE];
    struct pcap_pkthdr * hdr;
    const u_char * pData;
    int ret;

    // open pcap file
    if ((fp = pcap_open_offline(pcapfilename.c_str(), errbuf)) == NULL)
    {
        cout << "file open failed" << endl;
        return 0;
    }
    // set filter string
    if (pcap_filter.length() > 0)
    {
        u_int32_t netmask = 0xffffffff;
        struct bpf_program filtercode;
        if (pcap_compile(fp, &filtercode, pcap_filter.c_str(), 1, netmask) < 0)
        {
            cout << "compile filter code error " << pcap_geterr(fp) << endl;
            pcap_close(fp);
            return 0;
        }
        if (pcap_setfilter(fp, &filtercode) < 0)
        {
            cout << "set filter error " << pcap_geterr(fp) << endl;
            pcap_close(fp);
            return 0;
        }
    }
    // read packets
    while((ret = pcap_next_ex(fp, &hdr, &pData)) > 0)  //!!! notice here !!!
    {
         cout << "I got it!!!" << endl;
    }

/*----------------------------------------------------------------------------*/

    I'm sure that the pcap file has many packets with tcp dest port 80, but I got nothing when I tried to read it out.
When I traced into the program, I found that "ret" is -2, which means the end of the file was encountered.
I used another pcap file with pure IPv4 packets to test the above code; it ran correctly and I got the right packets as 
expected.

Is this a bug?


2011-12-30



homeryan
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
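
An independent cross-check for the situation described in the post, added here as an example (it is not code from the original poster or from libpcap): it walks the pcap records directly, without any BPF filter, and counts frames to TCP destination port 80 per IP version. The names `count_port80`, `add_frame` and `sample_capture` are hypothetical, and the capture is constructed in memory; the code assumes a little-endian classic pcap file with Ethernet link type, no VLAN tags, no IPv6 extension headers and no IPv4 fragments.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
using Bytes = std::vector<uint8_t>;
struct Counts { int v4 = 0, v6 = 0, other = 0; };
static uint32_t le32(const Bytes& b, size_t o) {
    return b[o] | b[o + 1] << 8 | b[o + 2] << 16 | (uint32_t)b[o + 3] << 24;
}
static uint16_t be16(const Bytes& b, size_t o) { return b[o] << 8 | b[o + 1]; }
// Assumptions: little-endian classic pcap, Ethernet (link type 1), no VLAN, no IPv6 ext headers.
Counts count_port80(const Bytes& f) {
    Counts c;
    if (f.size() < 24 || le32(f, 0) != 0xa1b2c3d4 || le32(f, 20) != 1) return c;
    for (size_t off = 24; off + 16 <= f.size();) {
        uint32_t caplen = le32(f, off + 8);        // captured length of this record
        size_t p = off + 16, end = p + caplen;     // p = first byte of the Ethernet frame
        if (end > f.size()) break;                 // truncated record: stop, like EOF
        off = end;
        size_t tcp = 0; bool is6 = false;
        uint16_t etype = caplen >= 14 ? be16(f, p + 12) : 0;
        if (etype == 0x0800 && caplen >= 34 && f[p + 23] == 6)      // IPv4, protocol = TCP
            tcp = p + 14 + (f[p + 14] & 0x0f) * 4;                  // skip IHL * 4 bytes
        else if (etype == 0x86dd && caplen >= 54 && f[p + 20] == 6) { tcp = p + 54; is6 = true; }
        if (tcp && tcp + 4 <= end && be16(f, tcp + 2) == 80) (is6 ? c.v6 : c.v4)++;
        else c.other++;
    }
    return c;
}

// Constructed sample data: appends one minimal Ethernet/IP/TCP frame as a pcap record.
static void add_frame(Bytes& f, bool v6, uint16_t dport) {
    Bytes pkt(14 + (v6 ? 40 : 20) + 20, 0);
    pkt[12] = v6 ? 0x86 : 0x08; pkt[13] = v6 ? 0xdd : 0x00;         // EtherType
    if (v6) { pkt[14] = 0x60; pkt[20] = 6; } else { pkt[14] = 0x45; pkt[23] = 6; }
    size_t t = pkt.size() - 20;                                     // start of TCP header
    pkt[t + 2] = dport >> 8; pkt[t + 3] = dport & 0xff;
    Bytes rec(16, 0);                                               // record header, zero timestamps
    for (int i = 0; i < 4; i++) rec[8 + i] = rec[12 + i] = (pkt.size() >> (8 * i)) & 0xff;
    f.insert(f.end(), rec.begin(), rec.end());
    f.insert(f.end(), pkt.begin(), pkt.end());
}
Bytes sample_capture() {   // IPv4 to port 80, IPv6 to port 80, IPv4 to port 443
    Bytes f = {0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0};
    add_frame(f, false, 80); add_frame(f, true, 80); add_frame(f, false, 443);
    return f;
}
int main() {
    Counts c = count_port80(sample_capture());
    std::printf("v4=%d v6=%d other=%d\n", c.v4, c.v6, c.other);
}
```

Comparing these per-version counts with the number of packets the filtered `pcap_next_ex()` loop delivers shows whether the file or the filter is where the packets go missing.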