On Tue, Apr 5, 2011 at 7:06 PM, Alessandro Baggi <alessandro.ba...@gmail.com> wrote: > Ok, but my app must take those packet from the net for other operation. For > this purpose I can also build my own structure to see arp parameter, but I'm > trying to know how to use arphdr structure. Someone has experience about it?
But http://www.openbsd.org/cgi-bin/man.cgi?query=pcap&sektion=3&apropos=0&manpath =OpenBSD+Current&arch=i386 is used for capturing of packets by eg. tcpdump or am I missing something? So probably you want to implement pcap in your app? > > Thanks in advance. > > Il 05/04/2011 14:51, Jan Stary ha scritto: >> >> On Apr 04 21:03:58, Alessandro Baggi wrote: >>> >>> Hi list. I'm coding a little program with libpcap that captures ARP >>> packet. >> >> Why? tcpdump arp >> >>> In this program I try to cast an B arphdr struct pointer to >>> the packet, to read ARP packet parameters, and in this point I have >>> the problem. >> >> tcpdump -e arp >> >> If you are sure you need to write your own code for this, >> look at the source of tcpdump to see how they do it. >> >>> This is the code of the callback pcap_loop function: >>> >>> void mac(u_char *args, const struct pcap_pkthdr *header, const >>> u_char *packet) >>> { >>> B B B B struct arphdr *arp = NULL; >>> B B B B arp = (struct arphdr *) packet; >>> B B B B printf("%d:%d:%d\n", arp->ar_sha[0], arp->ar_sha[1], >>> arp->ar_sha[2]); >>> B B B B return; >>> } >>> >>> Compiling this source, I get the following error: >>> >>> oad-cap.c: In function 'mac': >>> oad-cap.c:11: error: 'struct arphdr' has no member named 'ar_sha' >>> oad-cap.c:11: error: 'struct arphdr' has no member named 'ar_sha' >>> oad-cap.c:11: error: 'struct arphdr' has no member named 'ar_sha' >>> >>> Now, I've seen in /usr/include/net/if_arp.h and get: >>> >>> struct B arphdr { >>> B B B B u_int16_t ar_hrd; B B B /* format of hardware address */ >>> #define ARPHRD_ETHER B B 1 B B B /* ethernet hardware format */ >>> #define ARPHRD_IEEE802 B 6 B B B /* IEEE 802 hardware format */ >>> #define ARPHRD_FRELAY B 15 B B B /* frame relay hardware format */ >>> #define ARPHRD_IEEE1394 24 B B B /* IEEE 1394 (FireWire) hardware format >>> */ >>> B B B B u_int16_t ar_pro; B B B /* format of protocol address */ >>> B B B B u_int8_t B ar_hln; B B B /* length of hardware address */ >>> B B B B u_int8_t B ar_pln; B B B /* length of protocol address */ >>> B B B B u_int16_t ar_op; B B B B /* one of: */ >>> #define ARPOP_REQUEST B 1 B B B /* request to resolve address */ >>> #define ARPOP_REPLY B B 2 B B B /* response to previous request */ >>> #define ARPOP_REVREQUEST 3 B B B /* request protocol address given >>> hardware */ >>> #define ARPOP_REVREPLY B 4 B B B /* response giving protocol address */ >>> #define ARPOP_INVREQUEST 8 B B B /* request to identify peer */ >>> #define ARPOP_INVREPLY B 9 B B B /* response identifying peer */ >>> /* >>> B * The remaining fields are variable in size, >>> B * according to the sizes above. >>> B */ >>> #ifdef COMMENT_ONLY >>> B B B B u_int8_t B ar_sha[]; B B /* sender hardware address */ >>> B B B B u_int8_t B ar_spa[]; B B /* sender protocol address */ >>> B B B B u_int8_t B ar_tha[]; B B /* target hardware address */ >>> B B B B u_int8_t B ar_tpa[]; B B /* target protocol address */ >>> #endif >>> }; >>> >>> I've tried to #define COMMENT_ONLY, with no result. But I think that >>> the solution is not #define COMMENT_ONLY. >>> I've searched on google, same with no result. >>> Someone know what it does depend? >>> >>> Thanks in advance.
