Hi, all.
I'm looking at the source code of LSF(Linux Socket Filter). I am a rookie in kernel hacking. I use the libpcap-0.4 which is patched for LSF.When I set the snap_len 1500 ( the MTU in ethernet) and set a filter such as "tcp and port 80", all the packet I sniff out will be filled with zero in the last 14 bytes (more or less maybe) . What's wrong? Now my solution is enlarge the snap_len into 1600. :-) My kernel version is 2.2.14, the default choice of RedHat 6.2.
When I look into the kernel source, I found it strange that I can only find the declaration of sk_run_filter(), but I cannot find any function which call sk_run_filter() except a EXPORT_SYMBOL(sk_run_filter). Why?
Thank you all..
--- Mao Yun:.˛mkabzwmb˛mbz_^nrzh&zzޗ+^jǫym@Aa0n+d
This archive was generated by hypermail 2b29 : Thu Aug 31 2000 - 21:00:17 EST