ciao
I appreciate winpcap developers work at Politecnico di Torino.
Some questions about old and new features: 1) return codes from winpcap API
Just a memo.
Starting as a new winpcap developers, I have doubts about APIs return codes. In the help files and the code snippets they look different: Examples: different functions fails when... - func() != 0 - func() == -1 - func() < 0
When the function return type is go/no-go, is it always boolean with go= 0 for ALL the API ?
2) I am waiting keen and eager ;-) for the forthcoming kernel mode file dump (pcap_live_dump). I think it is an excellent idea.
What's about its development ? Can we hope to have it in the stable WinPcap 3.1 ?
Is it possible to capture and save packets with pcap_live_dump and also use pcap_next_ex to make realtime packet decoding, on the same pcap_t handle ?
Or, another way: is it possible to break the process in two, using two different
instances of pcap_t ?
- process A calls pcap_dump (or pcap_live_dump) to append data to the file;
- at the same time, process B (slow) read the data from the file and decode.
If working, I think it is the most elegant way to be sure to save all the packets, and also make realtime analisys.
And if anything goes slow (or wrong!) in the decoding and presentation code, it doesn't break the dump process.
3) The last tiny request.
I feel useful to read pcap_major_version() and pcap_minor_version() at the
application startup.
Unfortunately they require a open pcap_t handle, so I cannot check the version
before pcap_open().
Do they really need the handle to work ?
From a logical point of view, the version isn't linked to the capture
process, right ?
best regards, Massimo
*** buone feste dall'ITALIA ***
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/[email protected]/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
