On Aug 7, 2004, at 12:41 PM, Carter Bullard wrote:
On mac os x 10.3.4, using libpcap-0.8.3, opening pcap with pcap_open_live(dev, 96, 1, 1000, errbuf) and reading packets with pcap_loop (pd, 1, callback, user), packets are queued until some magic number (looks to be 200) of packets is reached, and then I get them all. This can take however long it takes for this threshold to be reached (I've waited an hour).
The attached test program, when compiled and run on OS X 10.3.4 with both the 0.8.3 that comes with OS X 10.3.4 (the version string for that version of libpcap is misleading - it's 0.8.3 in 10.3.4) and with 0.8.3 compiled from the tcpdump.org source, doesn't wait for a large number of packets to arrive before printing that a packet arrived.
Is your test program doing something differently?
#include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> #include <pcap.h>
static char *copy_argv(char **);
static void callback(u_char *, const struct pcap_pkthdr *, const u_char *);
int
main(int argc, char **argv)
{
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *pd;
char *filter_string;
struct bpf_program filter;
int ret;
if (argc < 2) {
fprintf(stderr, "Usage: testpcap {device} [filter]\n");
return 1;
}
pd = pcap_open_live(argv[1], 96, 1, 1000, errbuf);
if (pd == NULL) {
fprintf(stderr, "testpcap: Can't open %s: %s\n", argv[1],
errbuf);
return 2;
}
if (argc > 2) {
filter_string = copy_argv(&argv[2]);
if (filter_string == NULL)
return 2;
if (pcap_compile(pd, &filter, filter_string, 1, 0) == -1) {
fprintf(stderr, "testpcap: Filter \"%s\" is invalid: %s\n",
filter_string, pcap_geterr(pd));
return 2;
}
if (pcap_setfilter(pd, &filter) == -1) {
fprintf(stderr, "testpcap: Can't set filter on %s: %s\n",
argv[1], pcap_geterr(pd));
return 2;
}
}
for (;;) {
ret = pcap_loop(pd, 1, callback, NULL);
if (ret == -1) {
fprintf(stderr, "testpcap: Error capturing on %s: %s\n",
argv[1], pcap_geterr(pd));
return 2;
}
if (ret == -2) {
fprintf(stderr, "testpcap: loop terminated\n");
return 2;
}
}
return 0;
}
/*
* Copy arg vector into a new buffer, concatenating arguments with spaces.
*/
static char *
copy_argv(char **argv)
{
char **p;
u_int len = 0;
char *buf;
char *src, *dst;
p = argv;
if (*p == 0)
return 0;
while (*p)
len += strlen(*p++) + 1;
buf = (char *)malloc(len);
if (buf == NULL) {
fprintf(stderr, "testpcap: malloc failed: %s\n",
strerror(errno));
return NULL;
}
p = argv;
dst = buf;
while ((src = *p++) != NULL) {
while ((*dst++ = *src++) != '\0')
;
dst[-1] = ' ';
}
dst[-1] = '\0';
return buf;
}
static void
callback(u_char *user, const struct pcap_pkthdr *phdr, const u_char *data)
{
printf("Packet received\n");
}
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
