hi,
i am no specialist but pcap_loop() already does a loop for you.
:)
i would rewrite it like so:
#include <sys/types.h>
#include <stdio.h>
#include <pcap.h>
pcap_t * caph ;
struct pcap_stat ps ;
static int i = 0;
void phandler( u_char *, const struct pcap_pkthdr *, const u_char * ) ;
int main(void)
{
char dev[] = "eth0" ;
char ebuf[PCAP_ERRBUF_SIZE] ;
caph = pcap_open_live( dev, BUFSIZ, 1, 0, ebuf ) ;
pcap_loop( caph, -1, phandler, NULL ) ;
pcap_close( caph ) ;
return 0 ;
}
void phandler( u_char * args, const struct pcap_pkthdr * phdr, const
u_char
* pkt )
{
i++;
if (i==100) {
(void)pcap_stats(caph, &ps);
printf( "Recv: %d\tDropped: %d\n", ps.ps_recv, ps.ps_drop);
i = 0;
}
}
-alexm
--
�� ��� ��������-����, ��������-���� � ������� root'�... Enter!
On Mon, 21 Jul 2003, Richard rh310 wrote:
> SuSE Linux 8.2, Intel P4 3.xx GHz, 512MB RAM, "stock" pcaplib on SuSE
> distribution, 10MB 802.3 at about 2% utiliization. GNU gcc 3.3.
>
> I'm trying to use pcap_stats() to track the number of packet receives and
> drops, but the number received isn't what I expect and so I'm not sure I
> trust the count of drops. Sample code:
>
> #include <sys/types.h>
> #include <stdio.h>
> #include <pcap.h>
>
> void phandler( u_char *, const struct pcap_pkthdr *, const u_char * ) ;
>
> int main(void)
> {
> int i ;
> pcap_t * caph ;
> char dev[] = "eth0" ;
> struct pcap_stat ps ;
> char ebuf[PCAP_ERRBUF_SIZE] ;
>
> caph = pcap_open_live( dev, BUFSIZ, 1, 0, ebuf ) ;
>
> i = 0 ;
> while (1)
> {
> pcap_loop( caph, -1, phandler, NULL ) ;
>
> /* get stats every 100 packets */
> if ( i == 100 )
> {
> pcap_stats( caph, &ps ) ;
> printf( "Recv: %d\tDropped: %d\", ps.ps_recv, ps.ps_drop ) ;
> i = 0 ;
> continue ;
> }
> i++ ;
> }
>
> pcap_close( caph ) ;
> return 0 ;
> }
>
> void phandler( u_char * args, const struct pcap_pkthdr * phdr, const u_char
> * pkt )
> {
> /* nop for now */
> return 0 ;
> }
>
> Now, sometimes this program just sits there without generating any output at
> all (blocked on recv_from), and other times it outputs:
>
> Recv: 101 Drops: 0
> Recv: 101 Drops: 0
> Recv: 101 Drops: 0
> Recv: 101 Drops: 0
> Recv: 101 Drops: 0
> Recv: 101 Drops: 0
> ...
>
> tcpdump summary output from about 2 seconds of running tcpdump:
>
> 12012 packets received by filter
> 3303 packets dropped by kernel
>
> ...so there's data on the network, and there are dropped packets--and
> pcap_stats doesn't seem to be telling me anything much about either. About
> 98% of the traffic is unicast to the machine all this is running on, so even
> if someone the interface isn't going promisc there still should be more than
> I'm seeing in the output.
>
> Anyway, I'm scratching my head over both the tendency to block on recv_from,
> and to apparently mis-report the count of packets received and dropped.
>
> Richard
>
> _________________________________________________________________
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:[EMAIL PROTECTED]
>
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
