On Jul 11, 2005, at 1:03 PM, Richard Huddleston wrote:
Just referencing Tim Carsten's pcap doc: "...to_ms is the read
time out...0
sniffs until an error occurs; -1 sniffs indefinitely)."
I *really* need to sit down and edit that document - and incorporate
Nathan Jennings' sniffex.c into it, as a replacement for the existing
sample code, because that document, well-intended though it might be,
has been a source of confusion for a while.
In particular:
0 doesn't "[sniff] until an error occurs", it blocks until either
1) an error occurs;
2) enough packets arrive to fill up whatever buffer is being
used by the particular packet capture mechanism (in some systems, one
packet is enough for that; in others, it would be more than one
packet, although the buffer is probably sized in units of bytes, not
packets, and the size depends on the particular OS and perhaps on the
particular release of that OS - FreeBSD is one of those platforms,
so, unless you want to have your application possibly wait
indefinitely to see a packet, if packets are arriving slowly, you
want a non-zero timeout, such as tcpdump's 1 second, i.e. 1000
milliseconds).
-1 doesn't do anything special - it either has no effect (if the
platform doesn't support a read timeout) or has platform-dependent
behavior (e.g., returning an error).
The libpcap man page says:
to_ms specifies the read timeout in milliseconds. The read
timeout is used to arrange that the read not necessarily return
immediately when a packet is seen, but that it wait for some amount
of time to allow more packets to arrive and to read multiple packets
from the OS kernel in one operation. Not all platforms support a
read timeout; on platforms that don't, the read timeout is ignored.
A zero value for to_ms, on platforms that support a read timeout,
will cause a read to wait forever to allow enough packets to arrive,
with no timeout.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
