libpcap drops some packets from specific IP

I'm implementing a packet collector, but I suffer from packet drops.

My binary can get most of the packets from some specific IP regions (e.g. 100.101.1.1, 100.101.2.1). But for some specific IP regions, I cannot get any packets (e.g. 200.201.1.1, 200.201.2.1).

At that time, tcpdump can get packets from any IP region.

The pcap code snippet from my implementation is as follows:

struct bpf_program fp;
pcap_t *pcd;
char errbuf[PCAP_ERRBUF_SIZE];
bpf_u_int32 netp;
char port[16], dev[16];
......
pcd = pcap_open_live(dev, BUFSIZ, PROMISCUOUS, -1, errbuf);
pcap_compile(pcd, &fp, port, 0, netp);
pcap_setfilter(pcd, &fp);
while(1){
    packet = pcap_next(pcd, &hdr);
}

Is there any idea for me?

Since you mentioned that you can get all the IP packets on the interface using tcpdump, I would consider the following line in your code to be all right, as long as you are using the same interface name for the parameter dev as you use for tcpdump.

pcap_open_live(dev, BUFSIZ, PROMISCUOUS, -1, errbuf);

The issue might be in the line,

pcap_compile(pcd, &fp, port, 0, netp);

In the above line, the port variable is a filter string. Your packet collector will only collect the packets that pass this filter. If you are not using proper filter parameters in your port string to also allow the packets involving IP addresses 200.201.xx, you will not capture them.
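
As an added example (not code from the question or the answer, and not libpcap itself), the C below models the per-packet decision of a filter of the assumed form `port 80 and net 100.101.0.0/16` next to a plain `port 80`. The struct, function names, filter values and packets are constructed for illustration; the question does not show the real contents of `port`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of "port <port> and net <net> mask <mask>"; mask 0 = any net. */
struct flt { uint32_t net, mask; uint16_t port; };
const struct flt NARROW = { 0x64650000u, 0xffff0000u, 80 }; /* 100.101.0.0/16, port 80 */
const struct flt WIDE   = { 0, 0, 80 };                     /* any address, port 80 */

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* 1 = packet is handed to the collector, 0 = silently filtered out. */
int flt_match(const struct flt *f, const uint8_t *ip, size_t len) {
    if (len < 20 || (ip[0] >> 4) != 4) return 0;       /* IPv4 only */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* header length incl. options */
    if (ihl < 20 || len < ihl + 4) return 0;
    if (ip[9] != 6 && ip[9] != 17) return 0;           /* ports exist in TCP/UDP only */
    if (be16(ip + 6) & 0x1fff) return 0;               /* later fragments carry no ports */
    uint32_t src = be32(ip + 12), dst = be32(ip + 16);
    if ((src & f->mask) != f->net && (dst & f->mask) != f->net) return 0;
    return be16(ip + ihl) == f->port || be16(ip + ihl + 2) == f->port;
}

/* Build a constructed 20-byte IPv4 header followed by the two port fields. */
size_t make_pkt(uint8_t *b, uint32_t src, uint32_t dst, uint8_t proto,
                uint16_t sport, uint16_t dport) {
    memset(b, 0, 24);
    b[0] = 0x45; b[9] = proto;
    for (int i = 0; i < 4; i++) {
        b[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        b[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    b[20] = (uint8_t)(sport >> 8); b[21] = (uint8_t)sport;
    b[22] = (uint8_t)(dport >> 8); b[23] = (uint8_t)dport;
    return 24;
}

/* Does the collector see a constructed TCP packet from src to 10.0.0.5:80? */
int sees(struct flt f, uint32_t src) {
    uint8_t b[24];
    return flt_match(&f, b, make_pkt(b, src, 0x0a000005u, 6, 40000, 80));
}

int main(void) {
    printf("narrow: 100.101.1.1=%d 200.201.1.1=%d\n", sees(NARROW, 0x64650101u), sees(NARROW, 0xc8c90101u));
    printf("wide:   100.101.1.1=%d 200.201.1.1=%d\n", sees(WIDE, 0x64650101u), sees(WIDE, 0xc8c90101u));
    return 0;
}
```

In the real collector, checking the return values of `pcap_compile` and `pcap_setfilter` and logging the filter string actually passed in shows which of these cases applies.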
