I'm having a problem and I'd like to know if this is a bug or not:
If I set a filter that doesn't match any packet and then read, I don't get any packet. This is ok to me.
If I set a filter that doesn't match any packet but I did a previous read, I get packets.
Is that ok ? that old packets that doesn't match the current filter are returned ?.
I'm puting an example program (omited the headers and error checking for simplicity).
I'm using WinPCap 3.0 on a Windows 2000 SP4 box.
Thanks.
void set_filter(pcap_t* a_Dev, const char* a_Filter)
{
struct bpf_program bpfprog;pcap_compile(a_Dev, &bpfprog, const_cast<char*>(a_Filter), 1, 0xFFFFFE00);
pcap_setfilter(a_Dev, &bpfprog);
}
bool read(pcap_t* a_Dev)
{
pcap_pkthdr* p_hdr;
u_char* p_data;
return pcap_next_ex(a_Dev, &p_hdr, &p_data) == 1;
}int main()
{
char error[PCAP_ERRBUF_SIZE];
bool test;pcap_t* dd = pcap_open_live("\\Device\\NPF_{3F532625-F275-42E3-A1D2-EF5AEF988F6E}", 100, 1, 2000, error);
::Sleep(5000);
test = read(dd);
assert(test);
set_filter(dd, "host 1.1.1.1");
test = read(dd);
assert(!test);
return 0;
}
--
Gabriel Becedillas Developer CORE SECURITY TECHNOLOGIES
Florida 141 - 2� cuerpo - 7� piso C1005AAC Buenos Aires - Argentina Tel/Fax: (54 11) 5032-CORE (2673) http://www.corest.com
================================================================= This is the WinPcap users list. It is archived at http://www.mail-archive.com/[email protected]/
To unsubscribe use mailto: [EMAIL PROTECTED] =================================================================
