Nmap Development mailing list archives
Misconception about how pcap_getevent() is meant to be used
From: Jan Danielsson <jan.m.danielsson () gmail com>
Date: Sun, 10 Mar 2024 15:17:09 +0100
Hello,

When browsing/reading about pcap_getevent(), I got the impression that its intended use was roughly this (pseudo-code):

----------
cap = open_device(..);
hev = pcap_getevent(cap);
while(1) {
    // block and wait for data to become available for reading
    dw = WaitForMultipleObjects([hev]);
    if(dw == FIRST_INDEX) {
        // Enter a loop that calls pcap_next() until the buffer is empty
    }
}
----------

I.e. pcap_getevent() returns a HANDLE to an event semaphore that is "set" when there's data in the input buffer, and the application is meant to block and wait for it.
However, I have written code which does (roughly) what the code above does, but it never fires when packets arrive (I know I have the interface names and all that correct).

So I went to the source code. In the threadsignaltest.c example it looks like the event semaphore is used in the "opposite" direction -- i.e. it is used to wake up pcap_next() et al.
And when I change the code to do that, it seems to work. Posting this in case anyone else runs into this misconception.

--
Kind Regards,
Jan

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/