I am using libpcap to capture data from PPP interface, and add filter as follow:
char filter_exp[] = "ip";
But when i sniff the packets in callback function, I found that the format of ip packet is
not correct, the header size is not 20 byte.
And when I capture packets from eth0, everything is normal.
So who can tell me how to get the correct ip packets from PPP interface by libpcap, thanks!
But when i sniff the packets in callback function, I found that the format of ip packet is not correct, the header size is not 20 byte.
Your callback function is using the results of a pcap_datalink() call on the pcap_t to determine how to parse the packets, or you've specified different callback functions depending on the results of pcap_datalink(), right?
If not, you are probably assuming that the packets will have a particular link-layer header type, which is always the wrong thing to do.
PPP packets won't necessarily have the same link-layer header type as Ethernet packets (although on Windows with WinPcap, they might have the same link-layer header type!). They might not have a PPP header, either; in particular, on Linux, they will have a Linux cooked capture header because, at least at one point, the kernel would strip the PPP header and supply no link-layer header, so libpcap had to do a "cooked" capture in order to be able to get the network-layer protocol type. pcap_datalink() will return DLT_LINUX_SLL, not DLT_PPP, for PPP devices on Linux, to indicate this.
