Folks;
On Sept 18th I upgraded to libpcap 6.2. At the same time a program
named 'divine' stopped working normally. Divine xmits arps and uses
libpcap to find responses in order to configure a laptops network
interface. the system is 4.3-RELEASE FreeBSD.
Prior to Sept 18 pcap_next() returned with each packet captured (or at
least at the open_live timeout (2500 msec)). Now it appears to block
until 7 packets have been captured, regardless of time. The number 7 is
what i have observed. This has taken almost 3 minutes in some cases.
With this delay I thought it had died altogether.
I have experimented with that time out value, but nothing (0|1|2500)
make any difference. The code snippet that starts the capture is below.
Rip Toren
/* one thread for arp, one for capture */
if (pthread_create(&t,0,send_arps,0)) {
fprintf(stdout,"Thread creation failed.\n");
exit(1);
}
/* Start a network capture session */
pd = pcap_open_live(device, ARP_H+ETH_H, 1, 2500, errbuf);
if (pd == NULL){
error2("pcap_open_live failed");
}
/* looking at the net captures */
sleep (3);
fprintf(stdout,"divine: now capture -- done sleeping\n");
/** This now waits for 7 (emperical observation) packets to return. That
is
91 to 168 seconds) **/
for ( ;(packet = ((u_char *)pcap_next(pd, &pc_hdr))) ; ){
struct libnet_ethernet_hdr *p;
struct libnet_arp_hdr *a;
p = (struct libnet_ethernet_hdr *)(packet);
fprintf(stdout,"have a cap packet %s\n",(ntohs(p->ether_type)));
if (ntohs(p->ether_type) == ETHERTYPE_ARP) {
/* is an ARP */
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
