I'm having problems with tcpdump - it doesnt print out a single packet.
so I looked into the source and came until "recvfrom(...,&saddr,...)"
I noticed, that saddr.sa_data does not contain the interface name
e.g. "eth0". (saddr.sa_data is used for comparison later, when I commented
this out, I got all packets printed again).
but comparing with the programm "net-acct", which actually
works, didnt show me any obvious difference. there seem the be just
the same two system calls "socket(PF_INET,SOCK_PACKET,htons(ETH_P_ALL)"
and "recvfrom()" ...
here's a minimal test-prog I wrote which doesn't work either. can someone
tell me why &saddr is not being filled out as I expect it ?
-------------------------------------------------------------------------
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <ctype.h>
#include <errno.h>
#include <linux/if_ether.h>
void die(char *s) {
perror(s);
exit(-1);
}
void dump(u_char *s,int len,char *txt) {
int i;
printf("%s:\n",txt);
for (i=0;i<len;i++) printf("%.2x ",s[i]);
printf("\n");
for (i=0;i<len;i++) printf("%c",isprint(s[i])?s[i]:'.');
printf("\n");
}
void doit(int s) {
struct sockaddr saddr;
char buff[1600];
int slen;
int rc;
for(;;) {
rc=recvfrom(s,buff,sizeof(buff),0,&saddr,&slen);
if (rc==-1) return;
dump((u_char *)&saddr,sizeof(saddr),"saddr");
dump((u_char *)buff,rc,"buff");
/*printf("%s ",saddr.sa_data);*/
fflush(stdout);
}
}
void main() {
struct ifreq ifr;
int s;
s=socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL));
if (s==-1) die("socket");
strcpy(ifr.ifr_name,"eth0");
if (ioctl(s,SIOCGIFFLAGS,&ifr)==-1) die("ioctl");
/*ifr.ifr_flags |= IFF_PROMISC;*/
doit(s);
if (ioctl(s,SIOCSIFFLAGS,&ifr)==-1) die("ioctl");
close(s);
}