[Winpcap-users] IGMP Woes
Gianluca Varenni
gianluca.varenni at cacetech.com
Fri Feb 20 09:03:00 PST 2009
The event that you get with pcap_getevent doesn't get signalled whenever a
packet is received. It gets signalled when at least "mintocopy" bytes have
been received by the capture driver. The default value for mintocopy is
16000, and it can be changed with pcap_setmintocopy. Be warned that putting
a low value for mintocopy can eventually affect performance (because you run
the risk of making a system call for every received packet).
Hope this helps
----- Original Message -----
From: "Charles Rumford" <charlesr at cs.drexel.edu>
To: <winpcap-users at winpcap.org>
Cc: "Joe Kopena" <tjkopena at cs.drexel.edu>
Sent: Thursday, February 19, 2009 7:26 PM
Subject: [Winpcap-users] IGMP Woes
> I'm currently developing an application that captures IGMP packets.
> The architecture of the application uses the Windows Event Handling
> system to detect packets that are ready to be read, but I have hit a
> snag in the development. After generating the HANDLE and handing it
> off to WaitForMultipleEvents(), when an IGMP packet comes in, an event
> isn't raised. When the same code is used to generate the pcap_t and
> pcap_loop() is used, IGMP packets are picked up. The IGMP packets also
> show up in WireShark.
> If the filter is changed to "igmp or ip multicast", multicast traffic
> is picked up. I'm generating the IGMPs using VLC. They are generated
> when an attempt at starting a multicast stream.
> I have attached the code.
> Is there any insight into what could be causing this, or how to fix it?
> --
> Charles Rumford
> Quick meaningless comic non sequitur.
> #include <iostream>
> #include "pcap.h"
> #include "remote-ext.h"
> #include <iphlpapi.h>
> #include "Win32-Extensions.h"
> #include "core/log.h"
> #include "core/config.h"
> static const int BUFSIZE = 10000;
> static const int ADDRSIZE = 20;
> static const int ERR_SLEEP = 2000;
> static const int ERR_THRESH = 3;
> static const int REBOOT_THRESH = 10000;
> //used to display the incoming packets
> void process(u_char *arg, const struct pcap_pkthdr* pkthdr, const
> u_char * packet) {
> int i=0, *counter = (int *) arg;
> std::cout << "Count : " << ++(counter) << std::endl;
> std::cout << "Size : " << pkthdr->len << std::endl;
> std::cout << "Payload: " << std::endl;
> for(i=0; i<pkthdr->len; i++)
> {
> if(isprint(packet[i]))
> std::cout << packet[i];
> else
> std::cout << ". ";
> if( (i%32 == 0 && i!=0) || i==pkthdr->len-1)
> std::cout << std::endl;
> }
> }
> int main (int argc, char *argv[]) {
> if(argc != 2)
> {
> MINM_ERR("A device is needed. Please give provide one");
> ShowDevices();
> return 1;
> }
> char errbuff[PCAP_ERRBUF_SIZE];
> std::string device = argv[1];
> std::string ip = LookupIP(device);
> //set up the pcap_t
> pcap_t *pcapDevice;
> if((pcapDevice = pcap_open_live(device.c_str(),
> 65535, 0, 1000, errbuff)) == NULL) {
> MINM_ERR("`1Could not open device \""+device+"\"");
> MINM_ERR(errbuff);
> return true;
> }
> bpf_u_int32 network;
> bpf_u_int32 netmask;
> if (pcap_lookupnet(device.c_str(),
> &network, &netmask, errbuff) == -1) {
> MINM_ERR("Could not look up netmask");
> return true;
> }
> //set up a filter
> std::string filterStr = "( igmp )";
> struct bpf_program filter;
> if (pcap_compile(pcapDevice, &filter,
> (char*) filterStr.c_str(),
> 1, netmask) == -1 ) {
> MINM_ERR("Trouble compiling filter \'"<< filterStr << "\'");
> return true;
> }
> if( pcap_setfilter( pcapDevice, &filter) !=0 ) {
> MINM_ERR("Filter could not be set\n" << pcap_geterr(pcapDevice));
> return true;
> }
> //setup a simple event handler
> HANDLE foo[1];
> foo[0] = pcap_getevent(pcapDevice);
> DWORD rv = WaitForMultipleObjects(1,foo,false,-1);
> if(rv == WAIT_FAILED)
> {
> throw "ERROR: The WaitForMultipleObjects has an error";
> }
> MINM_LOG(rv);
> // using pcap_loop()
> // int count=0;
> // pcap_loop(pcapDevice, -1, process, (u_char *) &count);
> return false;
> }
> --
> Charles Rumford
> Quick meaningless comic non sequitur.
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list