tcpdump mailing list archives

RE: HOWTO: pcap in 'background' thread


From: "Fulvio Risso" <risso () polito it>
Date: Thu, 20 Feb 2003 08:32:47 +0100

WinPcap has such a feature through the pcap_read_ex() call.
Everything can be done within a single thread.

We have the implementation for linux as well. Implementation in other
systems should be straightforward.
If the core members agree, we can commit these patches to the main libpcap
repository.

        fulvio

-----Original Message-----
From: owner-tcpdump-workers () sandelman ottawa on ca
[mailto:owner-tcpdump-workers () sandelman ottawa on ca]On Behalf Of Steve
Hyatt
Sent: Monday, February 17, 2003 23:12
To: tcpdump-workers () tcpdump org
Subject: [tcpdump-workers] HOWTO: pcap in 'background' thread


Hi all.

I am maintaining a piece of software which uses the pcap library
to monitor packets being sent from a given machine and then
categorizing these packets based on the destination IP grabbed
from the packet's headers.  The software uses pthreads to
separate the recording of the packets (through calls to
pcap_open_live, pcap_loop, and a callback function) in one thread
from the processing of this data in another pthread thread.  The
implemented use of pthreads and mutexes is giving me problems
which I would like to resolve by removing pthreads.

I am not sure however how this can be done.  What I'd like to be
able to do is something like the following pseudo-code:

  while (!done) {
    use pcap to count packets and bytes for next 200 ms;
    evaluate last 200ms worth of data and process;
  }

The idea is to have only one thread which does both things.  This
only would work however if there is a way to ask the pcap library
to 'watch packets for X MS'.  How can I do this?

I think I can do this by using fork to have a child process do
the capturing and using the callback to 'pipe' the data back to
the parent process, and have the while loop in the parent process.
 However one of the platforms that I need a solution for does not
have the fork method (it's an MMU-less platform).

Any help would be greatly appreciated.

Steve
shyatt () bigbangwidth com

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
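
One way to do the per-window accounting from the pseudo-code in a single thread, as an added example that is not part of the original messages or of libpcap: each packet is bucketed by destination IP, and a window closes when a packet's timestamp crosses the 200 ms boundary. The names `account`, `make_frame`, `WINDOW_US` and `MAX_DST` are hypothetical, and Ethernet/IPv4 framing is an assumption about the link type.

```c
#include <stdint.h>
#include <string.h>

#define WINDOW_US 200000            /* the 200 ms interval from the question */
#define MAX_DST   32                /* hypothetical table size */

struct dst_stat { uint32_t dst, pkts; uint64_t bytes; };
struct window   { int64_t start_us; int n; struct dst_stat d[MAX_DST]; };

/* IPv4 destination of an Ethernet frame; -1 if truncated or not IPv4.
 * The captured length is checked before any header byte is read. */
static int ipv4_dst(const uint8_t *p, uint32_t caplen, uint32_t *dst) {
    if (caplen < 14 + 20 || p[12] != 0x08 || p[13] != 0x00) return -1;
    if ((p[14] >> 4) != 4) return -1;
    *dst = (uint32_t)p[30] << 24 | (uint32_t)p[31] << 16 |
           (uint32_t)p[32] << 8  | (uint32_t)p[33];
    return 0;
}

/* Account one packet (timestamp, captured bytes, caplen, wire length).
 * Returns 1 when this packet's timestamp closed the previous window, which
 * is then copied to *done for the "evaluate" step; otherwise returns 0.
 * Initialise the window with start_us = -1 and n = 0. */
int account(struct window *w, struct window *done, int64_t ts_us,
            const uint8_t *p, uint32_t caplen, uint32_t wire_len) {
    int closed = 0, i;
    uint32_t dst;
    if (w->start_us < 0) w->start_us = ts_us;       /* first packet seen */
    if (ts_us - w->start_us >= WINDOW_US) {
        *done = *w;                                 /* hand over finished window */
        w->start_us += (ts_us - w->start_us) / WINDOW_US * WINDOW_US;
        w->n = 0;
        closed = 1;
    }
    if (ipv4_dst(p, caplen, &dst) != 0) return closed;
    for (i = 0; i < w->n && w->d[i].dst != dst; i++) ;
    if (i == w->n) {
        if (w->n == MAX_DST) return closed;         /* table full: not counted */
        w->d[w->n++] = (struct dst_stat){ dst, 0, 0 };
    }
    w->d[i].pkts++;
    w->d[i].bytes += wire_len;
    return closed;
}

/* Constructed sample frame: zeroed Ethernet + IPv4 header with given dst. */
void make_frame(uint8_t f[34], uint32_t dst) {
    memset(f, 0, 34);
    f[12] = 0x08; f[14] = 0x45;
    f[30] = dst >> 24; f[31] = dst >> 16; f[32] = dst >> 8; f[33] = dst;
}
```

Call `account()` once per packet from the capture loop. On a quiet link no packet arrives to close the window, so when the read call returns on timeout the loop should compare the clock against `start_us` itself.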
