相同的程序可以在 Opensuse 12.1 (x64) 上成功运行 虽然在 Fedora 16 上的 Fedora 16 (x64) 上无法运行,但它显示“Err calling pcap_compile” 我不知道这些操作系统之间有什么区别,我想他们完全一样,但我确保 Opensuse 12.1 可以成功过滤和捕获数据包。
int init_capture() {
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */
struct bpf_program fp;
char portfilter[20]= "dst port 1521";
bpf_u_int32 maskp;
bpf_u_int32 netp;
/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
printf("%s\n", errbuf);
exit(1);
}
pcap_lookupnet(dev,&netp,&maskp,errbuf);
/* open device for reading */
descr = pcap_open_live(dev, BUFSIZ, 0, -1, errbuf);
if (descr == NULL) {
printf("pcap_open_live(): %s\n", errbuf);
exit(1);
}
if (pcap_compile(descr,&fp,portfilter,0,netp) == -1)
{
printf("Err calling pcap_compile\n");
exit(1);
}
if (pcap_setfilter(descr,&fp) == -1)
{
printf("Err setting filter \n");
exit(1);
}
/* allright here we call pcap_loop(..) and pass in our callback function */
/* int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)*/
/* If you are wondering what the user argument is all about, so am I!! */
pcap_loop(descr, -1, capture_callback, NULL);
fprintf(stdout, "\nDone processing packets... wheew!\n");
return 0;
}