Re: Stopping packet capture on a libpcap descriptor

[Fernando Gont <fernando () gont com ar>]

On 11/28/2011 02:49 PM, Guy Harris wrote:
> > 1. Captures and sends some packets 2. Does something else 3.
> > Captures and sends some packets
> >
> > I'd like to use the same libpcap descriptor (pcap_t *) for both
> > Step 1 and step 2 above, but I don't want want libpcap to continue
> > capturing packets while the program is in step 3.
>
> I assume in the last paragraph there you said "step 2" when you meant
> "step 3" ("for both step 1 and step *3* above") and *vice versa*
> ("while the program is in step 2").

Yes, sorry. I meant I wanted to use the same pcap_t for Step #1 and Step
#3.


> > Any ideas?
>
> About the only thing I can suggest would be that, when step 2 starts,
> you set the capture filter to a small BPF program that just has a
> "ret 0" instruction, so that the filter rejects all packets, and then
> set the filter to something that captures the packets you want when
> step 3 starts.

Could you suggest a good reference for BPF syntax? -- So far I've only
used pcap_compile() and hence didn't really get into BPF.

In anycase, I guess one could achive the same sort of result (albeit
with a sloppy filter that rejects e.g., everything that's Ethernet when
one is capturing on ethernet).

Thanks!

Best regards,
-- 
Fernando Gont
e-mail: fernando () gont com ar || fgont () si6networks com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1



-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.