tcpdump, netacct & SOCK_PACKE

Herbert Rosmanith (herp@wildsau.idv.uni-linz.ac.at)
Sat, 6 Apr 1996 04:59:48 +0200 (MET DST)


hello,

I'm having problems with tcpdump - it doesnt print out a single packet.
so I looked into the source and came until "recvfrom(...,&saddr,...)"

I noticed, that saddr.sa_data does not contain the interface name
e.g. "eth0". (saddr.sa_data is used for comparison later, when I commented
this out, I got all packets printed again).

but comparing with the programm "net-acct", which actually
works, didnt show me any obvious difference. there seem the be just
the same two system calls "socket(PF_INET,SOCK_PACKET,htons(ETH_P_ALL)"
and "recvfrom()" ...

here's a minimal test-prog I wrote which doesn't work either. can someone
tell me why &saddr is not being filled out as I expect it ?

-------------------------------------------------------------------------
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <ctype.h>
#include <errno.h>

#include <linux/if_ether.h>

void die(char *s) {
perror(s);
exit(-1);
}

void dump(u_char *s,int len,char *txt) {
int i;
printf("%s:\n",txt);
for (i=0;i<len;i++) printf("%.2x ",s[i]);
printf("\n");
for (i=0;i<len;i++) printf("%c",isprint(s[i])?s[i]:'.');
printf("\n");
}

void doit(int s) {
struct sockaddr saddr;
char buff[1600];
int slen;
int rc;

for(;;) {
rc=recvfrom(s,buff,sizeof(buff),0,&saddr,&slen);
if (rc==-1) return;
dump((u_char *)&saddr,sizeof(saddr),"saddr");
dump((u_char *)buff,rc,"buff");
/*printf("%s ",saddr.sa_data);*/
fflush(stdout);
}
}

void main() {
struct ifreq ifr;
int s;

s=socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL));
if (s==-1) die("socket");
strcpy(ifr.ifr_name,"eth0");
if (ioctl(s,SIOCGIFFLAGS,&ifr)==-1) die("ioctl");
/*ifr.ifr_flags |= IFF_PROMISC;*/
doit(s);
if (ioctl(s,SIOCSIFFLAGS,&ifr)==-1) die("ioctl");
close(s);
}