[tcpdump-workers] pcap_loop() not returning after pcap_breakloop() until another packet arrives

2006-06-25 Thread Richard Hansen
Hi all,

I have one thread that sits in pcap_loop() and another thread that calls 
pcap_breakloop() when it is time to shut down.  My code works well on Windows 
(WinPcap 3.1).  On Linux (libpcap 0.9.4, kernel 2.6.16) the pcap_loop() doesn't 
return after calling pcap_breakloop() until another packet arrives.  Is this 
expected or proper behavior?  How can I tell Linux to return from that 
readfrom() call that it's blocking on?

Thank you!

Richard


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.


Re: [tcpdump-workers] regarding arp and rarp

2006-06-26 Thread Richard Hansen
Guy Harris [EMAIL PROTECTED] wrote:
 On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:
 
  I am trying to disect ARP/RARP packet.
  Basically I am looking for this information: Operation code,
 Sender HW address, Sender Protocol address, Destination HW address
 and Destination Protocol address.
  Is there a direct way using pcap to get that information.
 
 You can use libpcap to get the raw contents of packets,
 including ARP/
 RARP packets.
 
 You can't use libpcap to dissect ARP/RARP packets - or any
 other type
 of packets; it doesn't include any code to dissect packets.  You
 either have to write your own code to dissect them, or use some
 existing code to dissect them (for example, you could copy the code
 in tcpdump and modify it as necessary).

Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) 
looks like it can dissect ARP (along with a bunch of other protocols).

Hope this helps,
Richard


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.


Re: [tcpdump-workers] pcap_loop() not returning after pcap_breakloop()

2006-06-27 Thread Richard Hansen
 If pcap_breakloop() is called in a signal handler, and the signal in 
 question isn't set up to restart system calls, that should 
 let the loop terminate cleanly.  If it's not called in a signal 
 handler, i.e. if there's no signal that was delivered to the process, 
 that won't help.

Can I send a signal myself to get it to terminate cleanly?  If so, is there a 
good reference for how to do this?  (Sorry, I'm new to C and *nix programming 
and I don't know much about signals.)

Thanks,
Richard


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.