[Winpcap-users] Urgent - Why the IPv6 packets are filtered out?

Gianluca Varenni gianluca.varenni at cacetech.com
Thu Jan 18 17:08:10 GMT 2007


Have you tried capturing with that same filter with tcpdump or Wireshark to see if the IPv6 packets are captured or not?

I suspect a bug in the pcap filter compiler.

Have a nice day
GV

  ----- Original Message ----- 
  From: Bassam A. Al-Khaffaf 
  To: winpcap-users at winpcap.org 
  Sent: Tuesday, January 16, 2007 10:11 PM
  Subject: [Winpcap-users] Urgent - Why the IPv6 packets are filtered out?


  Dear Folk,

  Please, I need your urgent help. I am using the Winpcap 4.0 beta 3 developer's pack version to capture the Ethernet and IPv4/IPv6 headers in order to extract the MAC and IP addresses into my network application. The capturing operation is working fine, I mean capturing MAC and both IPv4/IPv6 addresses. However, when I try to filter out the traffic using both the pcap_compile() and pcap_setfilter() functions along with the filter string "udp dst port 1812 or udp dst port 1813", Winpcap no longer shows the IPv6 traffic; it shows only the IPv4 traffic destined to the two mentioned ports.

  If I change the filter string to "ip or ip6", it works fine, but the problem here is that traffic not destined to the mentioned ports will be captured as well.

  The filtering part of the code is shown here:


  /*****************************************************************************************/
      // The device is already opened

      if (d->addresses != NULL)
          /* Retrieve the mask of the first address of the interface */
          netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
      else
          /* If the interface is without an address we suppose to be in a C class network */
          netmask=0xffffff;

      // Compile the filter
      if (pcap_compile(adhandle, &fcode, "dst port 1812 or dst port 1813", 0, netmask) < 0)
      {
          cerr << "\nUnable to compile the packet filter. Check the syntax." << endl;
          /* Free the device list */
          pcap_freealldevs(alldevs);
          return -1;
      }

      // Set the filter
      if (pcap_setfilter(adhandle, &fcode) < 0)
      {
          cerr << "\nError setting the filter." << endl;
          /* Free the device list */
          pcap_freealldevs(alldevs);
          return -1;
      }

      // Rest of code
  /*****************************************************************************************/


  Now if I comment out this part, I am able to capture all the traffic, including IPv6.

  I need your urgent help and it is much appreciated.

   

  Regards

  Bassam
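
The original message reports that the "ip or ip6" filter does deliver IPv6 packets, so one workaround is to keep that filter and do the port match in the packet callback. The following is an added example, not code from either poster or from WinPcap; the function names are hypothetical, and it assumes untagged Ethernet II frames and no IPv6 extension headers between the IPv6 header and UDP.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian 16-bit field from the packet buffer. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 if the frame is UDP over IPv4 or IPv6 with destination port
 * 1812 or 1813, else 0. Every read is bounds-checked against caplen. */
int udp_dst_1812_1813(const uint8_t *pkt, size_t caplen)
{
    size_t l4;                                   /* offset of the UDP header */
    if (caplen < 14) return 0;                   /* truncated Ethernet header */
    switch (rd16(pkt + 12)) {                    /* EtherType */
    case 0x0800:                                 /* IPv4 */
        if (caplen < 34 || (pkt[14] >> 4) != 4) return 0;
        l4 = 14 + (size_t)(pkt[14] & 0x0f) * 4;  /* honour the IHL field */
        if (l4 < 34 || pkt[23] != 17) return 0;  /* bad IHL or not UDP */
        if (rd16(pkt + 20) & 0x1fff) return 0;   /* later fragment: no ports */
        break;
    case 0x86dd:                                 /* IPv6 */
        if (caplen < 54 || (pkt[14] >> 4) != 6) return 0;
        if (pkt[20] != 17) return 0;             /* next header is not UDP */
        l4 = 54;                                 /* fixed 40-byte IPv6 header */
        break;
    default:
        return 0;
    }
    if (caplen < l4 + 4) return 0;               /* ports not captured */
    return rd16(pkt + l4 + 2) == 1812 || rd16(pkt + l4 + 2) == 1813;
}

/* Builds a constructed sample frame (all other fields zero) and checks it. */
int sample_matches(int ipv6, uint16_t dport)
{
    uint8_t f[14 + 40 + 8] = {0};
    size_t l4 = ipv6 ? 54 : 34;
    f[12] = ipv6 ? 0x86 : 0x08;  f[13] = ipv6 ? 0xdd : 0x00;
    f[14] = ipv6 ? 0x60 : 0x45;                  /* version (and IHL for v4) */
    f[ipv6 ? 20 : 23] = 17;                      /* UDP */
    f[l4 + 2] = (uint8_t)(dport >> 8);  f[l4 + 3] = (uint8_t)dport;
    return udp_dst_1812_1813(f, l4 + 8);
}

int main(void)
{
    printf("v6/1812=%d v4/1813=%d v6/53=%d\n", sample_matches(1, 1812),
           sample_matches(0, 1813), sample_matches(1, 53));
    return 0;
}
```

In a pcap callback the check would be called with the packet data pointer and the header's caplen value, and packets for which it returns 0 would be skipped.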


