Re: capturing on both interfaces simultaneously

[Guy Harris <guy () alum mit edu>]

On Dec 10, 2011, at 12:18 PM, rixed () happyleptic org wrote:

> > I am trying to use select, as it seems the most basic.
>
> If I understand correctly, you are replacing your threaded aproach by a singly
> threaded program using select. Unfortunately, I don't know any way to
> associate a file descriptor with a pcap handle portably. :-(

pcap_get_selectable_fd() if present in your libpcap, pcap_fileno() otherwise.

pcap_get_selectable_fd() will return -1 if libpcap knows that select() won't work; this is, I think, Linux, and the 
captures are being done on regular network interfaces, so it should work.

> Yes junkie uses one thread per interface.  The reason behind this is that I use
> it to perform a lot of process for every packet so using threads on many
> interfaces offer as much parallelism as necessary (even when you are interested
> in only one device you can still scatter its traffic through several handlers
> by proper filtering).

...although, unless the processing can make blocking system calls, this only helps to the extent that your machine can 
run multiple threads in parallel (for example, a 2-core machine could run two in parallel; I'm not sure whether 
multiple threads on a threaded processor would help or not).

> > Can I use pcap_loop when using select, or i have to use recvfrom in loop ?
>
> I think you will be forced into recvfrom

No, pcap_dispatch() should work.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.