Hey Stephen, Thanks, I'll take a look tonight, and make the changes. Carter
Carter Bullard QoSient LLC 150 E. 57th Street Suite 12D New York, New York 10022 +1 212 588-9133 Phone +1 212 588-9134 Fax -----Original Message----- From: Stephen Donnelly <[EMAIL PROTECTED]> Date: Thu, 10 Jan 2008 16:09:36 To:[email protected] Cc:[EMAIL PROTECTED] Subject: Re: [tcpdump-workers] tcpdump problem with DAG card On Thu, 2008-01-10 at 14:53 +1300, Stephen Donnelly wrote: > On Wed, 2008-01-09 at 17:25 -0800, Guy Harris wrote: > > On Jan 9, 2008, at 3:37 PM, lei wei wrote: > > > > > I'm actually trying to get Argus working with DAG but argus still > > > can't read > > > anything from it. > > > > From a quick look at the source to Argus 2.0.6, it appears to be > > assuming that you can do a select() on the result of pcap_fileno(), > > which, as far as I know, is *NOT* the case for DAG devices; I don't > > think the DAG driver supports select() or poll(). That might cause it > > (and other applications using select() or poll() on pcap streams) > > never to see any incoming packets, or to fail in other ways. > > > > Newer versions of libpcap (including 0.9.x) have > > pcap_get_selectable_fd(), which returns a file descriptor on which you > > can do select(), if such a descriptor exists, or -1, if no such file > > descriptor exists. > > I agree. From ArgusGetPackets() in ArgusOutput.c it appears that Argus > is intended to operate over multiple pcap interfaces, but incorrectly > assumes that pcap descriptors are always selectable. > > Because Argus does not check for selectable descriptors and work around > any non-selectable descriptors it is not possible to use Argus with DAG > cards without further modification. > > Curiously under CYGWIN it does not assume selectable descriptors, but > apparently works with only one interface in this case. It may be > possible to use this as the basis for non-selectable descriptors in > general. As a workaround, pretending to be CYGWIN gets Argus running. Changing #if defined(CYGWIN) to #if 1 at line 1797 in argus-3.0.0/argus/ArgusSource.c in order to use the non-select version of the code seems to work okay, although Argus will only be able to read from one interface. Cross-posting to the Argus list in case someone wants to have a better go at fixing this upstream. Stephen. -- ----------------------------------------------------------------------- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378 ----------------------------------------------------------------------- - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
