Re: Coredump Without Much Info?

[Hei Chan <structurechart () yahoo com>]

Thanks for your quick reply.
Here is my code:pcap_t* m_pPcap;
 char *packet; struct pcap_pkthdr header;
 m_pPcap = pcap_open_offline(pcapFile, errbuf); if (pcapFile == NULL) {  exit(1); }

 while ((packet = (char*) pcap_next(m_pPcap, &header)) != NULL) {// do my stuffs here...}
The code above hasn't been changed for like a year.  It used to work long time back with other pcap files.
So I suspect that it has something to do with my pcap file. 


     On Saturday, July 11, 2015 1:32 AM, Guy Harris <guy () alum mit edu> wrote:
   

 
On Jul 10, 2015, at 7:53 AM, Hei Chan <structurechart () yahoo com> wrote:

> I am using libpcap 1.4.0 to read in pcap.
> And my application crashed at pcap_next() when it read the first packet from my pcap file:(gdb) bt#0  
> 0x00007ffff715a044 in pcap_next () from /usr/lib64/libpcap.so.1
>
> I used wireshark to open the pcap and wireshark doesn't show any error (e.g. no highlight in red, etc).
> Any idea how I can debug further?

First, read your code to make sure that, in your pcap_open_offline() call, you're checking whether it returns a NULL 
pointer and, if it does, print an error message (using the string put into the "errbuf" second argument to 
pcap_open_offline(), so that you not only know why the call failed, you know *why* it failed).

Second, read your code to make sure that you have declared a "struct pcap_pkthdr" - *not* a "struct pcap_pkthdr *"! - 
and are passing a pointer to that "struct pcap_pkthdr" to pcap_next().

Third, if you are doing both of those (or have changed the code so that it does both of those), and it still crashes, 
show us the code in your program so that we can see whether it's doing anything else wrong.

  
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers