On Feb 15, 2010, at 3:55 PM, Marco De Angelis wrote:
> I have set the non-blocking mode to 0, expecting
> the call to pcap_dispatch to hang when packets are not
> collected. But instead, I can see many printouts (Read 0 packets)
> which indicate that the pcap_dispatch has exited when no
> packets are dispatched. So, is the non-blocking mode bugged, or
> am I understanding the modality in the wrong way?
Non-blocking mode is, indeed, buggy in Snow Leopard; a non-blocking read from a
BPF device will return "no data available" unless the "store buffer" fills up.
It's also buggy in FreeBSD and DragonFly BSD, but, on sufficiently-up-to-date
versions of those systems, *if* you do a select() on a BPF device():
1) the select will return if the "store buffer" fills up *or* the timer
expires;
2) either of those two will cause the "store buffer" to be rotated to
the "hold buffer", so a non-blocking read will return data.
Neither of those are true in Snow Leopard. (The first of those isn't true in
*any* OS X release - the select() only returns if the "store buffer" fills up -
and is also not true in older versions of various BSDs.)
I've submitted bug reports for FreeBSD and DragonFly BSD; Matt Dillon said that
he picked up my fix for DFly BSD. I've also attached my fix to the OS X bug
you filed.
A read on a BPF device that's *not* in non-blocking mode will block if no
packets are available. *However*, if you've set a timeout on the BPF device -
as libpcap does if you specify a timeout in pcap_open_live(), or in
pcap_set_timeout() before pcap_activate() - it won't block *forever*; if the
timeout expires, and no packets have arrived, it'll return, saying no packets
arrived. *That's* why, even without turning non-blocking mode on, you
*eventually* get "Read 0 packets" indications - you've set a timeout of 1
second. However, the pcap_dispatch() call *will* block for a second.
Note that there is no guarantee that, on all platforms, pcap_dispatch() will
return after the timeout expires even if no packets have arrived. That is
*not* the case on Solaris, for example, and it might or might not work on Linux.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
