I'm working on a packet sniffer. The big problem is that my code works perfectly only under Backtrack 5 R3, but it doesn't work under other distributions! In fact, on Ubuntu 12.10 and ArchLinux, when the sniffer gets the first packet, I experience a segmentation fault (I get "segmentation fault core dumped"). At first, I thought the fault lay with the libraries or the compiler, but after some tests, I think I can exclude them! This is the situation:
我在研究包嗅探器。最大的问题是,我的代码在Backtrack 5 R3中工作得很好,但是在其他的发行版中它是不行的!事实上,在Ubuntu 12.10和ArchLinux上,当嗅探器得到第一个包时,我就会经历一个分割错误(我得到“分割错误核心转储”)。起初,我认为错误在于库或编译器,但是经过一些测试,我认为我可以排除它们!这是这种情况:
- Backtrack 5 R3 uses gcc 4.4.3 and libpcap 1.0.0
- 回溯5 R3使用gcc 4.4.3和libpcap 1.0.0
- Ubuntu 12.10 uses Gcc 4.7.2 and Libpcap 1.3.0
- Ubuntu 12.10使用Gcc 4.7.2和Libpcap 1.3.0
- ArchLinux the same as Ubuntu
- 和Ubuntu一样。
So I tried to downgrade on Arch to gcc 4.4.3 e libpcap 1.0.0, but I get the same error. I have some warnings while compiling the code, but nothing really important, and however it works perfectly under backtrack! That's the big mystery.
因此,我试图将Arch降级为gcc 4.4.3 e libpcap 1.0.0,但是我得到了相同的错误。在编译代码时,我有一些警告,但是没有什么特别重要的,但是它在backtrack下工作得很好!这是大谜。
Here's the code which cause the problem:
这是导致问题的代码:
void packet_dump(unsigned char *arguments, const struct pcap_pkthdr *pcap_data, const unsigned char *packet) {
int packet_data_len, tcp_header_size=0, total_header_size;
unsigned char *packet_data;
const unsigned char *ip_src_dest;
const struct header_ip *ip_header;
//Calculate the value of variables
ip_src_dest = (packet+LUNGHEZZA_INTESTAZIONE_ETH);
ip_header = (const struct header_ip *)ip_src_dest;
total_header_size = LUNGHEZZA_INTESTAZIONE_ETH+sizeof(struct header_ip)+tcp_header_size;
packet_data = (unsigned char *)packet + total_header_size;
packet_data_len = pcap_data->len - total_header_size;
//THIS CAUSE THE PROBLEM (Solved removing inet_ntoa and converting it manually)
printf("[ %s ] ============> ", inet_ntoa(ip_header->source_addr_ip));
printf("[ %s ] \n", inet_ntoa(ip_header->destination_addr_ip));
}
1 个解决方案
#1
0
I suspect your program is crashing because ip_header->source_addr_ip points to memory that you're not allowed to access. You should be able to use GDB to determine whether this is the case.
我怀疑您的程序正在崩溃,因为ip_header->source_addr_ip指向您不允许访问的内存。您应该能够使用GDB来确定这种情况是否存在。
#1
0
I suspect your program is crashing because ip_header->source_addr_ip points to memory that you're not allowed to access. You should be able to use GDB to determine whether this is the case.
我怀疑您的程序正在崩溃,因为ip_header->source_addr_ip指向您不允许访问的内存。您应该能够使用GDB来确定这种情况是否存在。