[Winpcap-users] IGMP Woes

Charles Rumford charlesr at cs.drexel.edu
Thu Feb 19 19:26:23 PST 2009 

I'm currently developing an application that captures IGMP packets.
The architecture of the application uses the Windows Event Handling
system to detect packets that are ready to be read, but I have hit a
snag in the development. After generating the HANDLE and handing it
off to WaitForMultipleEvents(), when an IGMP packet comes in, an event
isn't raised. When the  same code is used to generate the pcap_t and
pcap_loop() is used, IGMP packets are picked up. The IGMP packets also
show up in WireShark.

If the filter is changed to "igmp or ip multicast", multicast traffic
is picked up. I'm generating the IGMPs using VLC. They are generated
when an attempt at starting a multicast stream.

I have attached the code.

Is there any insight into what could be causing this, or how to fix it?

--
Charles Rumford
Quick meaningless comic non sequitur.


CODE:
#include <iostream>
#include "pcap.h"
#include "remote-ext.h"
#include <iphlpapi.h>
#include "Win32-Extensions.h"
#include "core/log.h"
#include "core/config.h"

static const int BUFSIZE = 10000;
static const int ADDRSIZE = 20;
static const int ERR_SLEEP = 2000;
static const int ERR_THRESH = 3;
static const int REBOOT_THRESH = 10000;

//used to display the incoming packets
void process(u_char *arg, const struct pcap_pkthdr* pkthdr, const
u_char * packet) {

 int i=0, *counter = (int *) arg;
 std::cout << "Count  : " << ++(counter) << std::endl;
 std::cout << "Size   : " << pkthdr->len << std::endl;
 std::cout << "Payload: " << std::endl;
 for(i=0; i<pkthdr->len; i++)
 {
   if(isprint(packet[i]))
     std::cout << packet[i];
   else
     std::cout << ". ";

   if( (i%32 == 0 && i!=0) || i==pkthdr->len-1)
     std::cout << std::endl;
 }
}


int main (int argc, char *argv[]) {
 if(argc != 2)
 {
     MINM_ERR("A device is needed. Please give provide one");
     ShowDevices();
     return 1;
 }
 char errbuff[PCAP_ERRBUF_SIZE];
 std::string device = argv[1];
 std::string ip = LookupIP(device);

 //set up the pcap_t
 pcap_t *pcapDevice;
 if((pcapDevice = pcap_open_live(device.c_str(),
     65535, 0, 1000, errbuff)) == NULL) {
   MINM_ERR("`1Could not open device \""+device+"\"");
   MINM_ERR(errbuff);
   return true;
 }

 bpf_u_int32 network;
 bpf_u_int32 netmask;

 if (pcap_lookupnet(device.c_str(),
                    &network, &netmask, errbuff) == -1) {
   MINM_ERR("Could not look up netmask");
   return true;
 }

 //set up a filter
 std::string filterStr = "( igmp )";
 struct bpf_program filter;

 if (pcap_compile(pcapDevice, &filter,
       (char*) filterStr.c_str(),
       1, netmask) == -1 ) {
   MINM_ERR("Trouble compiling filter \'"<< filterStr << "\'");
   return true;
 }

 if( pcap_setfilter( pcapDevice, &filter) !=0 ) {
   MINM_ERR("Filter could not be set\n" << pcap_geterr(pcapDevice));
   return true;
 }

 //setup a simple event handler
 HANDLE foo[1];
 foo[0] = pcap_getevent(pcapDevice);
 DWORD rv = WaitForMultipleObjects(1,foo,false,-1);
 if(rv == WAIT_FAILED)
 {
   throw "ERROR: The WaitForMultipleObjects has an error";
 }
 MINM_LOG(rv);


//  using pcap_loop()

//  int count=0;
//  pcap_loop(pcapDevice, -1, process, (u_char *) &count);

 return false;

}

-- 
Charles Rumford
Quick meaningless comic non sequitur.

More information about the Winpcap-users mailing list