Why does a PF_PACKET RAW socket stop missing packets after “Wireshark” was launched?

会有一股神秘感。 Submitted on 2021-01-28 03:53:14

Question


I need to receive incoming UDP packets using RAW socket, which is being opened using this code snippet:

static int fd;
char *iface;


iface = "eth0";

if ( (fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_IP))) < 0 )
{
    perror("socket");
}

if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, iface, strlen(iface)) < 0)
{
    perror("bind");
    exit(EXIT_FAILURE);
}

I send, say, 100 identical packets and try to receive and count them. I use recv(...) to do this. Only 93 packets are delivered, and then recv(...) hangs waiting for next ones. But if I run "Wireshark" (which uses libpcap) on the receiving side computer and make it listen on "eth0" to UDP packets, then my app will always catch 100 packets without any problems.

I can't understand what I'm actually doing wrong, and why does "Wireshark" influence my socket receiver as well?

P.S. I already tried to increase receive buffer size, but no success.


Answer 1:


By default, Wireshark is setting the network interface in promiscuous mode, using libpcap: https://github.com/the-tcpdump-group/libpcap/blob/735f1f9d3318693f0096be4198d34e9ac0985777/pcap-linux.c#L3528

Try adding this setsockopt call in your code, to see if it helps.
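
The call this answer points to is not reproduced on the page. As an added example (not code from the original post or from libpcap itself), this shows how a PF_PACKET socket can request promiscuous mode with PACKET_ADD_MEMBERSHIP, the packet(7) mechanism libpcap's Linux backend uses. The helper names are hypothetical, "eth0" is the interface from the question, and the socket is bound with bind() and a sockaddr_ll because socket(7) documents SO_BINDTODEVICE as unsupported for packet sockets.

```c
#include <arpa/inet.h>        /* htons */
#include <errno.h>
#include <linux/if_ether.h>   /* ETH_P_IP */
#include <linux/if_packet.h>  /* struct packet_mreq, struct sockaddr_ll */
#include <net/if.h>           /* if_nametoindex */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: build the request that asks for promiscuous mode. */
void fill_promisc_req(struct packet_mreq *mr, int ifindex)
{
    memset(mr, 0, sizeof(*mr));
    mr->mr_ifindex = ifindex;
    mr->mr_type = PACKET_MR_PROMISC;
}

/* Hypothetical helper: returns an fd bound to iface, or -errno on failure. */
int open_promisc_socket(const char *iface)
{
    unsigned int ifindex = if_nametoindex(iface);
    if (ifindex == 0)
        return -(errno ? errno : ENODEV);
    int fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
    if (fd < 0)
        return -errno;        /* EPERM when CAP_NET_RAW is missing */
    /* Packet sockets are tied to a device with bind(), not SO_BINDTODEVICE. */
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
        .sll_protocol = htons(ETH_P_IP), .sll_ifindex = (int)ifindex };
    struct packet_mreq mr;
    fill_promisc_req(&mr, (int)ifindex);
    if (bind(fd, (struct sockaddr *)&sll, sizeof(sll)) < 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof(mr)) < 0) {
        int err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_promisc_socket(argc > 1 ? argv[1] : "eth0");
    if (fd < 0) { fprintf(stderr, "failed: %s\n", strerror(-fd)); return 1; }
    puts("promiscuous membership added");
    close(fd);
    return 0;
}
```

This needs CAP_NET_RAW. The kernel reference-counts the membership and drops it when the socket is closed, so the interface does not stay promiscuous after the program exits.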




Answer 2:


Use libpcap instead of reinventing the wheel.



Source: https://stackoverflow.com/questions/32035153/why-does-a-pf-packet-raw-socket-stop-missing-packets-after-wireshark-was-launc
