Re: [tcpdump-workers] pcap_stats

Wed, 19 May 2004 18:32:28 -0700 

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Gary" == Gary Portnoy <[EMAIL PROTECTED]> writes:
    Gary> ../libpcap-0.8.3/pcap-dlpi.c:           p->md.stat.ps_drop = sbp-> sbh_drops;
    Gary> ../libpcap-0.7.2/pcap-dlpi.c:           p->md.stat.ps_drop += sbp-> 
sbh_drops;

static int
pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
{

        /*
         * "ps_recv" counts packets handed to the filter, not packets
         * that passed the filter.  As filtering is done in userland,
         * this does not include packets dropped because we ran out
         * of buffer space.
         *
         * "ps_drop" counts packets dropped inside the DLPI service
         * provider device device because of flow control requirements
         * or resource exhaustion; it doesn't count packets dropped by
         * the interface driver, or packets dropped upstream.  As
         * filtering is done in userland, it counts packets regardless
         * of whether they would've passed the filter.
         *
         * These statistics don't include packets not yet read from
         * the kernel by libpcap, but they may include packets not
         * yet read from libpcap by the application.
         */
        *ps = p->md.stat;
        return (0);
}

http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/pcap-dlpi.c?r1=1.84&r2=1.85

1.85 Wed Feb 19 8:06:26 2003  by guy
Diffs to 1.84

According to the bufmod man page for Solaris 2.4 and 9 (meaning it's
probably true in all versions), "sbh_drops" is "the cumulative number of
input messages that this instance of bufmod has dropped due to flow
control or resource exhaustion."

"Cumulative" presumably means "don't add it to the count of drops, as
it's *already* a count since the capture started; just set the count of
drops to the value".  Do so.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] [EMAIL PROTECTED]      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQKwKOIqHRg3pndX9AQEqcgQA2Drhh4QJlEVUJM0s7Y07/6Xg9a3jzamu
tIcMeorX8YRIKG1QsHaKovrfYZoMHwa25P7wDpT/xdoTaVCVkNtHxgkm8AjMzN24
ztwYRmaPjWUYwsgaK0650t7WD0rcX9v888PqTpZpyAcT5imEH3OYLoVhQRZ/C2uB
cRCIg5+ID6Q=
=jm4V
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Reply via email to