[Winpcap-users] IGMP Woes

Charles Rumford charlesr at cs.drexel.edu
Fri Feb 20 09:28:42 PST 2009 

Thanks for the information. I have implemented it and it working as expected.

On Fri, Feb 20, 2009 at 12:03 PM, Gianluca Varenni
<gianluca.varenni at cacetech.com> wrote:
> The event that you get with pcap_getevent doesn't get signalled whenever a
> packet is received. It gets signalled when at least "mintocopy" bytes have
> been received by the capture driver. The default value for mintocopy is
> 16000, and it can be changed with pcap_setmintocopy. Be warned that putting
> a low value for mintocopy can eventually affect performance (because you run
> the risk of making a system call for every received packet).
>
> Hope this helps
> GV
>
> ----- Original Message -----
> From: "Charles Rumford" <charlesr at cs.drexel.edu>
> To: <winpcap-users at winpcap.org>
> Cc: "Joe Kopena" <tjkopena at cs.drexel.edu>
> Sent: Thursday, February 19, 2009 7:26 PM
> Subject: [Winpcap-users] IGMP Woes
>
>
>> I'm currently developing an application that captures IGMP packets.
>> The architecture of the application uses the Windows Event Handling
>> system to detect packets that are ready to be read, but I have hit a
>> snag in the development. After generating the HANDLE and handing it
>> off to WaitForMultipleEvents(), when an IGMP packet comes in, an event
>> isn't raised. When the  same code is used to generate the pcap_t and
>> pcap_loop() is used, IGMP packets are picked up. The IGMP packets also
>> show up in WireShark.
>>
>> If the filter is changed to "igmp or ip multicast", multicast traffic
>> is picked up. I'm generating the IGMPs using VLC. They are generated
>> when an attempt at starting a multicast stream.
>>
>> I have attached the code.
>>
>> Is there any insight into what could be causing this, or how to fix it?
>>
>> --
>> Charles Rumford
>> Quick meaningless comic non sequitur.
>>
>>
>> CODE:
>> #include <iostream>
>> #include "pcap.h"
>> #include "remote-ext.h"
>> #include <iphlpapi.h>
>> #include "Win32-Extensions.h"
>> #include "core/log.h"
>> #include "core/config.h"
>>
>> static const int BUFSIZE = 10000;
>> static const int ADDRSIZE = 20;
>> static const int ERR_SLEEP = 2000;
>> static const int ERR_THRESH = 3;
>> static const int REBOOT_THRESH = 10000;
>>
>> //used to display the incoming packets
>> void process(u_char *arg, const struct pcap_pkthdr* pkthdr, const
>> u_char * packet) {
>>
>> int i=0, *counter = (int *) arg;
>> std::cout << "Count  : " << ++(counter) << std::endl;
>> std::cout << "Size   : " << pkthdr->len << std::endl;
>> std::cout << "Payload: " << std::endl;
>> for(i=0; i<pkthdr->len; i++)
>> {
>>   if(isprint(packet[i]))
>>     std::cout << packet[i];
>>   else
>>     std::cout << ". ";
>>
>>   if( (i%32 == 0 && i!=0) || i==pkthdr->len-1)
>>     std::cout << std::endl;
>> }
>> }
>>
>>
>> int main (int argc, char *argv[]) {
>> if(argc != 2)
>> {
>>     MINM_ERR("A device is needed. Please give provide one");
>>     ShowDevices();
>>     return 1;
>> }
>> char errbuff[PCAP_ERRBUF_SIZE];
>> std::string device = argv[1];
>> std::string ip = LookupIP(device);
>>
>> //set up the pcap_t
>> pcap_t *pcapDevice;
>> if((pcapDevice = pcap_open_live(device.c_str(),
>>     65535, 0, 1000, errbuff)) == NULL) {
>>   MINM_ERR("`1Could not open device \""+device+"\"");
>>   MINM_ERR(errbuff);
>>   return true;
>> }
>>
>> bpf_u_int32 network;
>> bpf_u_int32 netmask;
>>
>> if (pcap_lookupnet(device.c_str(),
>>                    &network, &netmask, errbuff) == -1) {
>>   MINM_ERR("Could not look up netmask");
>>   return true;
>> }
>>
>> //set up a filter
>> std::string filterStr = "( igmp )";
>> struct bpf_program filter;
>>
>> if (pcap_compile(pcapDevice, &filter,
>>       (char*) filterStr.c_str(),
>>       1, netmask) == -1 ) {
>>   MINM_ERR("Trouble compiling filter \'"<< filterStr << "\'");
>>   return true;
>> }
>>
>> if( pcap_setfilter( pcapDevice, &filter) !=0 ) {
>>   MINM_ERR("Filter could not be set\n" << pcap_geterr(pcapDevice));
>>   return true;
>> }
>>
>> //setup a simple event handler
>> HANDLE foo[1];
>> foo[0] = pcap_getevent(pcapDevice);
>> DWORD rv = WaitForMultipleObjects(1,foo,false,-1);
>> if(rv == WAIT_FAILED)
>> {
>>   throw "ERROR: The WaitForMultipleObjects has an error";
>> }
>> MINM_LOG(rv);
>>
>>
>> //  using pcap_loop()
>>
>> //  int count=0;
>> //  pcap_loop(pcapDevice, -1, process, (u_char *) &count);
>>
>> return false;
>>
>> }
>>
>> --
>> Charles Rumford
>> Quick meaningless comic non sequitur.
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>



-- 
Charles Rumford
Quick meaningless comic non sequitur.

More information about the Winpcap-users mailing list