Attaching filter to raw sockets in Linux - C -

that question next step of this.

i changed code use af_packet socket, time, application needs deal lots of traffic. decided use lpf filter in order decrease workload of application.

here new program:

struct sock_fprog filter; int i, linecount = 0; int sd; char tcpdump_command[512]; file* tcpdump_output; sprintf(tcpdump_command, "tcpdump \"udp && src %s && src port %d\" -ddd -s 1600", ip, port); if ( (tcpdump_output = popen(tcpdump_command, "r")) == null ) {     perror("cannot compile filter using tcpdump.");     return; } if ( fscanf(tcpdump_output, "%d\n", &linecount) < 1 ) {     printf("cannot read linecount.\n");     return; } filter.filter = calloc(sizeof(struct sock_filter)*linecount,1); filter.len = linecount; ( = 0; < linecount; i++ ) {     if (fscanf(tcpdump_output, "%u %u %u %u\n", &(filter.filter[i].code), &(filter.filter[i].jt), &(filter.filter[i].jf), &(filter.filter[i].k)) < 4 ) {         printf("error in reading line number: %d\n", (i+1));         return;     } } pclose(tcpdump_output);  sd = socket(af_packet, sock_raw, htons(eth_p_all)); if ( sd == -1 ) {     perror("error in opening sd\n");     return; }  if (setsockopt(sd, sol_packet, so_attach_filter, &filter, sizeof(filter)) < 0 ) {     perror("cannot attach filter");     return -5; } 

the initialization of socket seems correct according this. however, final setsockopt fails "protocol not available". suggestion highly appriciated.

use sol_socket, kernel doc filter.txt

ioctls-

setsockopt(sockfd, sol_socket, so_attach_filter, &filter, sizeof(filter)); setsockopt(sockfd, sol_socket, so_detach_filter, &value, sizeof(value)); setsockopt(sockfd, sol_socket, so_lock_filter, &value, sizeof(value));