Re: forcing pcap_loop() failures

["rh" <rh.forums () verizon net>]

After playing around with this for a while, the solution I've used is to 
open two pcap_t * handles, set them non-blocking, and then call 
pcap_dispatch() on each of them within a while(1) loop.

This sucks for (at least) two reasons:  First, it's basically brain-dead and 
a CPU hog.  Second, for reasons I don't understand I seem to be losing 
packets on the eth1_handle.  The traffic volume on eth1 is probably 10x that 
of eth2, although at about 4 MB/s and the hardware I'm surprised to see 
this.

I'm going to implement the suggestion to use 'any' and then use pcap_loop().

// snippet
if ( pcap_setnonblock(eth1_handle, 1, errbuf) < 0 )
  error_exit( "pcap_setnonblock() eth1_handle failed: %s", errbuf ) ;

if ( pcap_setnonblock(eth2_handle, 1, errbuf) < 0 )
  error_exit( "pcap_setnonblock() secondary failed: %s", errbuf ) ;

while (1)
{
int rc ;
rc = pcap_dispatch( eth1_handle, 1, my_func, NULL ) ;
if ( -1 == rc ) // error condition rather than pcap_breakloop()
   log_event( "eth1 pcap_dispatch(): error: %s", pcap_geterr( 
eth1_handle ) ) ;

rc = pcap_dispatch( eth2_handle, 1, my_func, NULL ) ;
if ( -1 == rc ) // error condition rather than pcap_breakloop()
   log_event( "eth2 pcap_dispatch(): error: %s", pcap_geterr( 
secondaryCapHandle ) ) ;
}
// end snipped

----- Original Message ----- 
From: "Alex Dupuy" <alex.dupuy () mac com>
To: <tcpdump-workers () lists tcpdump org>
Cc: "Richard H." <rh.forums () verizon net>
Sent: Thursday, August 17, 2006 1:09 PM
Subject: pcap: forcing pcap_loop() failures


> Recent versions of libpcap have a pcap_breakloop() function that does what 
> you are specifically asking for (called inside a packet loop handler, it 
> causes an immediate return from the loop with a -2 error code), although I 
> suspect that using the "any" interface, or pcap_next_ex(), might be better 
> solutions to your overall problem.
>
> @alex


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.